Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5519
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
NA
CVE-2023-3403
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level p...
Metagauss Profilegrid
NA
CVE-2023-3404
The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running...
Metagauss Profilegrid
NA
CVE-2023-6447
The EventPrime WordPress plugin prior to 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Metagauss Eventprime
6.5
CVSSv2
CVE-2021-24862
The RegistrationMagic WordPress plugin prior to 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Metagauss Registrationmagic
NA
CVE-2023-2548
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This ma...
Metagauss Registrationmagic
NA
CVE-2023-2499
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthentic...
Metagauss Registrationmagic
NA
CVE-2022-41791
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
Metagauss Profilegrid
6.5
CVSSv2
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin prior to 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
Metagauss Profilegrid
6.8
CVSSv2
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote malicious users to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated priv...
Metagauss Registrationmagic
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »