Search
Search Results (145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | ||||
| CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 6.1 Medium |
| XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | ||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 8.1 High |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | ||||
| CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2024-11-21 | N/A |
| The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | ||||
| CVE-2024-39643 | 1 Metagauss | 1 Registrationmagic | 2024-09-11 | 5.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. | ||||