Metagauss CVEs and Security Vulnerabilities

Filtered by vendor Metagauss Subscriptions

Search

Switch to Advanced Search (Beta)

Total 109 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-31275	1 Metagauss	1 Eventprime	2024-11-21	8.2 High
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
CVE-2023-52117	1 Metagauss	1 Profilegrid	2024-11-21	4.3 Medium
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
CVE-2023-51509	1 Metagauss	1 Registrationmagic	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.
CVE-2023-50846	1 Metagauss	1 Registrationmagic	2024-11-21	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5.
CVE-2023-47645	1 Metagauss	1 Registrationmagic	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.
CVE-2023-47644	1 Metagauss	1 Profilegrid	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.
CVE-2023-45637	1 Metagauss	1 Eventprime	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
CVE-2023-35884	1 Metagauss	1 Eventprime	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
CVE-2023-33326	1 Metagauss	1 Eventprime	2024-11-21	7.1 High
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
CVE-2022-38062	1 Metagauss	1 Download Theme	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.
CVE-2022-36352	1 Metagauss	1 Profilegrid	2024-11-21	6.3 Medium
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.
CVE-2022-36345	1 Metagauss	1 Download Plugin	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
CVE-2022-0420	1 Metagauss	1 Registrationmagic	2024-11-21	7.2 High
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
CVE-2021-24862	1 Metagauss	1 Registrationmagic	2024-11-21	7.2 High
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVE-2021-24703	1 Metagauss	1 Download Plugin	2024-11-21	5.7 Medium
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
CVE-2021-24648	1 Metagauss	1 Registrationmagic	2024-11-21	6.1 Medium
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2020-9458	1 Metagauss	1 Registrationmagic	2024-11-21	8.8 High
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
CVE-2020-9457	1 Metagauss	1 Registrationmagic	2024-11-21	8.8 High
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
CVE-2020-9456	1 Metagauss	1 Registrationmagic	2024-11-21	8.8 High
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
CVE-2020-9455	1 Metagauss	1 Registrationmagic	2024-11-21	4.3 Medium
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.

« first previous Page 5 of 6. next last »