Vulnerabilities > Metagauss

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2024-10900 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6.
network
low complexity
metagauss CWE-862
8.1
2024-10-23 CVE-2024-9829 Missing Authorization vulnerability in Metagauss Download Plugin
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.
network
low complexity
metagauss CWE-862
6.5
2024-10-21 CVE-2024-49273 Missing Authorization vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid.This issue affects ProfileGrid: from n/a through 5.9.3.
network
low complexity
metagauss CWE-862
6.5
2024-09-26 CVE-2024-8861 Cross-site Scripting vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.9.3.2 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation.
network
low complexity
metagauss CWE-79
5.4
2024-09-10 CVE-2024-8369 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3.
network
low complexity
metagauss CWE-862
5.3
2024-08-01 CVE-2024-39643 Cross-site Scripting vulnerability in Metagauss Registrationmagic
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.
network
low complexity
metagauss CWE-79
6.1
2024-06-12 CVE-2023-52117 Unspecified vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
network
low complexity
metagauss
6.3
2024-06-09 CVE-2024-31275 Unspecified vulnerability in Metagauss Eventprime
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
network
low complexity
metagauss
critical
9.8
2024-06-05 CVE-2024-5453 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6.
network
low complexity
metagauss CWE-862
4.3
2024-02-01 CVE-2023-51509 Unspecified vulnerability in Metagauss Registrationmagic
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.
network
low complexity
metagauss
6.1