Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2023-3404
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running...
Metagauss Profilegrid
7.2
CVSSv3
CVE-2023-2548
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This ma...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2023-47644
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a up to and including 5.6.6.
Metagauss Profilegrid
8.8
CVSSv3
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Regi...
Metagauss Registrationmagic
6.1
CVSSv3
CVE-2023-35884
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Metagauss Eventprime
9.8
CVSSv3
CVE-2023-2499
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthentic...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2023-0940
The ProfileGrid WordPress plugin prior to 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones.
Metagauss Profilegrid
6.1
CVSSv3
CVE-2023-5238
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Metagauss Eventprime
8.8
CVSSv3
CVE-2022-41791
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
Metagauss Profilegrid
4.3
CVSSv3
CVE-2023-5519
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »