Metagauss CVEs and Security Vulnerabilities

Filtered by vendor Metagauss Subscriptions

Search

Switch to Advanced Search (Beta)

Total 93 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-30490	1 Metagauss	1 Profilegrid	2025-02-04	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
CVE-2024-30241	1 Metagauss	1 Profilegrid	2025-02-04	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
CVE-2024-2951	1 Metagauss	1 Registrationmagic	2025-02-04	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0.
CVE-2023-23989	1 Metagauss	1 Registrationmagic	2025-02-04	5.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
CVE-2023-23976	1 Metagauss	1 Registrationmagic	2025-02-04	7.5 High
Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2.
CVE-2023-51544	1 Metagauss	1 Registrationmagic	2025-02-04	5.3 Medium
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2023-51543	1 Metagauss	1 Registrationmagic	2025-02-04	5.3 Medium
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2025-24686	1 Metagauss	1 Registrationmagic	2025-02-04	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.
CVE-2023-49831	1 Metagauss	1 Registrationmagic	2025-02-04	7.5 High
Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0.
CVE-2024-32808	1 Metagauss	1 Profilegrid	2025-02-04	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
CVE-2024-32772	1 Metagauss	1 Profilegrid	2025-02-04	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.9.
CVE-2024-43317	1 Metagauss	1 Registrationmagic	2025-02-04	4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0.
CVE-2024-25935	1 Metagauss	1 Registrationmagic	2025-02-03	4.3 Medium
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.
CVE-2024-33947	1 Metagauss	1 Registrationmagic	2025-02-03	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0.
CVE-2023-33321	1 Metagauss	1 Eventprime	2025-02-03	5.3 Medium
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.
CVE-2024-32774	1 Metagauss	1 Profilegrid	2025-02-03	4.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.
CVE-2022-0232	1 Metagauss	1 Leadmagic	2025-01-31	4.8 Medium
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2024-1991	1 Metagauss	1 Registrationmagic	2025-01-31	8.8 High
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator
CVE-2024-10508	1 Metagauss	1 Registrationmagic	2025-01-29	9.8 Critical
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.
CVE-2024-1990	1 Metagauss	1 Registrationmagic	2025-01-17	8.8 High
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

« first previous Page 2 of 5. next last »