Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss registrationmagic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-51509
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic &nda...
Metagauss Registrationmagic
4
CVSSv2
CVE-2020-9455
The RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2020-9458
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
Metagauss Registrationmagic
6.8
CVSSv2
CVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plug...
Metagauss Registrationmagic
4.3
CVSSv2
CVE-2021-24648
The RegistrationMagic WordPress plugin prior to 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
Metagauss Registrationmagic
4.3
CVSSv2
CVE-2020-8436
XSS exists in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
Metagauss Registrationmagic 4.6.0.0
5.5
CVSSv2
CVE-2020-8435
An issue exists in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
Metagauss Registrationmagic 4.6.0.0
NA
CVE-2023-23976
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a up to and including 5.1.9.2.
NA
CVE-2024-29113
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a up to and including 5.2.5.9.
NA
CVE-2024-33947
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a up to and including 5.3.2.0.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »