Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-4250
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Metagauss Eventprime
4.3
CVSSv3
CVE-2023-4251
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
5.3
CVSSv3
CVE-2023-4252
The EventPrime WordPress plugin up to and including 3.2.9 specifies the price of a booking in the client request, allowing an malicious user to purchase bookings without payment.
Metagauss Eventprime
8.8
CVSSv3
CVE-2022-36352
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a up to and including 5.0.3.
Metagauss Profilegrid
8.8
CVSSv3
CVE-2023-0940
The ProfileGrid WordPress plugin prior to 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.
Metagauss Profilegrid
8.8
CVSSv3
CVE-2023-47644
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a up to and including 5.6.6.
Metagauss Profilegrid
8.8
CVSSv3
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Regi...
Metagauss Registrationmagic
4.3
CVSSv3
CVE-2023-3403
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level p...
Metagauss Profilegrid
4.9
CVSSv3
CVE-2023-3404
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running...
Metagauss Profilegrid
5.4
CVSSv3
CVE-2022-0233
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which...
Metagauss Profilegrid
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »