Vulnerabilities > Metagauss

DATE CVE VULNERABILITY TITLE RISK
2024-01-22 CVE-2023-6447 Unspecified vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
network
low complexity
metagauss
5.3
2024-01-08 CVE-2022-36352 Unspecified vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.
network
low complexity
metagauss
8.8
2023-12-28 CVE-2023-50846 SQL Injection vulnerability in Metagauss Registrationmagic
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5.
network
low complexity
metagauss CWE-89
7.2
2023-11-30 CVE-2023-47645 Unspecified vulnerability in Metagauss Registrationmagic
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.
network
low complexity
metagauss
8.8
2023-11-27 CVE-2023-4252 Unspecified vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
network
low complexity
metagauss
5.3
2023-11-18 CVE-2023-47644 Unspecified vulnerability in Metagauss Profilegrid
Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6.
network
low complexity
metagauss
8.8
2023-10-31 CVE-2023-4250 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
metagauss CWE-79
6.1
2023-10-31 CVE-2023-4251 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
network
low complexity
metagauss CWE-352
4.3
2023-10-31 CVE-2023-5238 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
network
low complexity
metagauss CWE-79
6.1
2023-10-31 CVE-2023-5519 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
network
low complexity
metagauss CWE-352
4.3