Filtered by vendor Metagauss
Subscriptions
Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41791 | 1 Metagauss | 1 Profilegrid | 2024-09-16 | 6.5 Medium |
| Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin <= 5.1.6 on WordPress. | ||||
| CVE-2021-4073 | 1 Metagauss | 1 Registrationmagic | 2024-09-16 | 9.8 Critical |
| The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. | ||||
| CVE-2024-39643 | 1 Metagauss | 1 Registrationmagic | 2024-09-11 | 5.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. | ||||
| CVE-2023-45637 | 1 Metagauss | 1 Eventprime | 2024-09-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions. | ||||
| CVE-2024-8369 | 1 Metagauss | 1 Eventprime | 2024-09-10 | 5.3 Medium |
| The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events. | ||||
| CVE-2022-36352 | 1 Metagauss | 1 Profilegrid | 2024-09-04 | 6.3 Medium |
| Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | ||||
| CVE-2023-47644 | 1 Metagauss | 1 Profilegrid | 2024-08-28 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | ||||
| CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2024-08-05 | N/A |
| The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | ||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 8.8 High |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | ||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 8.8 High |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | ||||
| CVE-2020-9455 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 4.3 Medium |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | ||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | ||||
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | ||||
| CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 6.1 Medium |
| XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | ||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2024-08-04 | 8.1 High |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | ||||
| CVE-2021-25059 | 1 Metagauss | 1 Download Plugin | 2024-08-03 | 4.3 Medium |
| The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | ||||
| CVE-2021-24862 | 1 Metagauss | 1 Registrationmagic | 2024-08-03 | 7.2 High |
| The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | ||||
| CVE-2021-24703 | 1 Metagauss | 1 Download Plugin | 2024-08-03 | 5.7 Medium |
| The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed. | ||||
| CVE-2021-24648 | 1 Metagauss | 1 Registrationmagic | 2024-08-03 | 6.1 Medium |
| The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-38062 | 1 Metagauss | 1 Download Theme | 2024-08-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions. | ||||