Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plug...
Metagauss Registrationmagic
6.8
CVSSv2
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote malicious users to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated priv...
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2022-0420
The RegistrationMagic WordPress plugin prior to 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2021-24862
The RegistrationMagic WordPress plugin prior to 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2020-9457
The RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2020-9458
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
6.5
CVSSv2
CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin prior to 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.
Metagauss Profilegrid
5.5
CVSSv2
CVE-2020-8435
An issue exists in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
Metagauss Registrationmagic 4.6.0.0
4.3
CVSSv2
CVE-2021-24648
The RegistrationMagic WordPress plugin prior to 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
Metagauss Registrationmagic
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »