Metagauss
Products
5- 40 CVEs
- 28 CVEs
- 22 CVEs
- 6 CVEs
- 1 CVE
Recent CVEs
97| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24378 | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||
| CVE-2023-2499 | Cri | 0.64 | 9.8 | 0.01 | May 16, 2023 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for… | ||
| CVE-2024-30490 | Cri | 0.62 | 9.3 | 0.02 | Mar 29, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | ||
| CVE-2024-30491 | Hig | 0.60 | 8.5 | 0.32 | Mar 29, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | ||
| CVE-2025-26999 | Hig | 0.57 | 8.8 | 0.01 | Mar 3, 2025 | Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3. | ||
| CVE-2024-6411 | Hig | 0.57 | 8.8 | 0.01 | Jul 10, 2024 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it… | ||
| CVE-2024-30241 | Hig | 0.56 | 8.5 | 0.01 | Mar 28, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | ||
| CVE-2025-49033 | Hig | 0.55 | 8.5 | 0.00 | Aug 14, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3. | ||
| CVE-2025-49876 | Hig | 0.55 | 8.5 | 0.00 | Jul 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2. | ||
| CVE-2025-47478 | Hig | 0.55 | 8.5 | 0.00 | May 23, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.0. | ||
| CVE-2025-39586 | Hig | 0.55 | 8.5 | 0.00 | Apr 17, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8. | ||
| CVE-2026-24373 | Hig | 0.53 | 8.1 | 0.00 | Mar 25, 2026 | Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1. | ||
| CVE-2024-24832 | Hig | 0.53 | 8.2 | 0.00 | Mar 23, 2024 | Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2024-1991 | Hig | 0.50 | 8.8 | 0.01 | Apr 9, 2024 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This… | ||
| CVE-2024-1990 | Hig | 0.50 | 8.8 | 0.01 | Apr 9, 2024 | The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient… | ||
| CVE-2023-3713 | Hig | 0.50 | 8.8 | 0.01 | Jul 18, 2023 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with… | ||
| CVE-2026-32498 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6. | ||
| CVE-2025-69358 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0. | ||
| CVE-2026-25312 | Hig | 0.49 | 7.5 | 0.00 | Mar 19, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||
| CVE-2023-49831 | Hig | 0.49 | 7.5 | 0.01 | Dec 9, 2024 | Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0. |
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.
- risk 0.64cvss 9.8epss 0.01
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for…
- risk 0.62cvss 9.3epss 0.02
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
- risk 0.60cvss 8.5epss 0.32
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
- risk 0.57cvss 8.8epss 0.01
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.3.
- risk 0.57cvss 8.8epss 0.01
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it…
- risk 0.56cvss 8.5epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.3.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.2.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.5.0.
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows SQL Injection.This issue affects ProfileGrid : from n/a through <= 5.9.4.8.
- risk 0.53cvss 8.1epss 0.00
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.50cvss 8.8epss 0.01
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This…
- risk 0.50cvss 8.8epss 0.01
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient…
- risk 0.50cvss 8.8epss 0.01
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with…
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3.
- risk 0.49cvss 7.5epss 0.01
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.