Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-47644
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a up to and including 5.6.6.
Metagauss Profilegrid
4.8
CVSSv3
CVE-2022-0232
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access...
Metagauss Leadmagic
7.2
CVSSv3
CVE-2022-0420
The RegistrationMagic WordPress plugin prior to 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
Metagauss Registrationmagic
9.8
CVSSv3
CVE-2023-2499
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthentic...
Metagauss Registrationmagic
4.3
CVSSv3
CVE-2020-9455
The RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9458
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
Metagauss Registrationmagic
6.1
CVSSv3
CVE-2021-24648
The RegistrationMagic WordPress plugin prior to 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote malicious users to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated priv...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9457
The RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Metagauss Registrationmagic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »