Vulnerabilities > Metagauss

DATE CVE VULNERABILITY TITLE RISK
2025-02-18 CVE-2024-13740 Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key.
network
low complexity
metagauss CWE-639
4.3
4.3
2025-02-18 CVE-2024-13741 Server-Side Request Forgery (SSRF) vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Limited Server-Side Request Forgery in all versions up to, and including, 5.9.4.2 via the pm_upload_image function.
network
low complexity
metagauss CWE-918
5.4
5.4
2025-01-31 CVE-2025-24686 Cross-site Scripting vulnerability in Metagauss Registrationmagic
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-12-17 CVE-2024-12024 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-12-09 CVE-2023-49831 Missing Authorization vulnerability in Metagauss Registrationmagic
Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0.
network
low complexity
metagauss CWE-862
7.5
7.5
2024-11-20 CVE-2024-10900 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6.
network
low complexity
metagauss CWE-862
8.1
8.1
2024-11-01 CVE-2024-37453 Missing Authorization vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7.
network
low complexity
metagauss CWE-862
8.8
8.8
2024-10-24 CVE-2024-9864 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-10-24 CVE-2024-9865 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-10-23 CVE-2024-9829 Missing Authorization vulnerability in Metagauss Download Plugin
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.
network
low complexity
metagauss CWE-862
6.5
6.5