Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

metagauss vulnerabilities and exploits

(subscribe to this query)
7.2
CVSSv3

CVE-2022-0420

The RegistrationMagic WordPress plugin prior to 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
Metagauss Registrationmagic
4.3
CVSSv3

CVE-2024-5453

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8...
Metagauss Profilegrid
5.4
CVSSv3

CVE-2024-8861

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute ...
Metagauss Profilegrid
6.5
CVSSv3

CVE-2024-9829

The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0. This makes i...
Metagauss Download Plugin
6.5
CVSSv3

CVE-2023-0889

Themeflection Numbers WordPress plugin prior to 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrar...
Metagauss Themeflection Numbers
8.8
CVSSv3

CVE-2022-36345

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
Metagauss Download Plugin
5.7
CVSSv3

CVE-2021-24703

The Download Plugin WordPress plugin prior to 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
Metagauss Download Plugin
4.3
CVSSv3

CVE-2021-25059

The Download Plugin WordPress plugin prior to 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website.
Metagauss Download Plugin
8.1
CVSSv3

CVE-2020-8435

An issue exists in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
Metagauss Registrationmagic 4.6.0.0
6.1
CVSSv3

CVE-2020-8436

XSS exists in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
Metagauss Registrationmagic 4.6.0.0
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
sourcecodesterCVE-2025-42599memory leakdifyCVE-2025-3826CVE-2025-30158tenableCVE-2025-2492cameraunprivilegedCVE-2025-3795CVE-2025-43918hiddenpearls
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook