Filtered by vendor Metagauss
Subscribe
Search
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36352 | 1 Metagauss | 1 Profilegrid | 2024-01-11 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | |||||
| CVE-2023-50846 | 1 Metagauss | 1 Registrationmagic | 2024-01-04 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | |||||
| CVE-2023-47645 | 1 Metagauss | 1 Registrationmagic | 2023-12-05 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. | |||||
| CVE-2023-47644 | 1 Metagauss | 1 Profilegrid | 2023-11-25 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | |||||
| CVE-2023-3713 | 1 Metagauss | 1 Profilegrid | 2023-07-27 | N/A | 8.8 HIGH |
| The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation. | |||||
| CVE-2023-3714 | 1 Metagauss | 1 Profilegrid | 2023-07-27 | N/A | 8.8 HIGH |
| The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3. | |||||
| CVE-2021-24862 | 1 Metagauss | 1 Registrationmagic | 2022-02-04 | 6.5 MEDIUM | 7.2 HIGH |
| The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | |||||
| CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
| The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | |||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | |||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | |||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | |||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
| CVE-2021-4073 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.8 MEDIUM | 8.1 HIGH |
| The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7. | |||||
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | |||||