Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-25991
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2023-47644
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a up to and including 5.6.6.
Metagauss Profilegrid
8.8
CVSSv3
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Regi...
Metagauss Registrationmagic
6.1
CVSSv3
CVE-2022-3578
The ProfileGrid WordPress plugin prior to 5.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Metagauss Profilegrid
8.8
CVSSv3
CVE-2020-9458
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
Metagauss Registrationmagic
7.2
CVSSv3
CVE-2021-24862
The RegistrationMagic WordPress plugin prior to 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2022-41791
Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress.
Metagauss Profilegrid
6.1
CVSSv3
CVE-2023-5238
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Metagauss Eventprime
5.3
CVSSv3
CVE-2023-6447
The EventPrime WordPress plugin prior to 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Metagauss Eventprime
6.1
CVSSv3
CVE-2023-35884
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Metagauss Eventprime
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »