Vulnerabilities > Metagauss

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-31275 Unspecified vulnerability in Metagauss Eventprime
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
network
low complexity
metagauss
critical
 9.8
9.8
2024-06-05 CVE-2024-5453 Missing Authorization vulnerability in Metagauss Profilegrid
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_dismissible_notice and pm_wizard_update_group_icon functions in all versions up to, and including, 5.8.6.
network
low complexity
metagauss CWE-862
4.3
4.3
2024-03-13 CVE-2024-1126 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1.
network
low complexity
metagauss CWE-862
4.3
4.3
2024-03-09 CVE-2024-1125 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3.
network
low complexity
metagauss CWE-862
5.3
5.3
2024-03-09 CVE-2024-1320 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-02-01 CVE-2023-51509 Unspecified vulnerability in Metagauss Registrationmagic
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1.
network
low complexity
metagauss
6.1
6.1
2024-01-22 CVE-2023-6447 Unspecified vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
network
low complexity
metagauss
5.3
5.3
2024-01-08 CVE-2022-36352 Unspecified vulnerability in Metagauss Profilegrid
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3.
network
low complexity
metagauss
8.8
8.8
2023-12-28 CVE-2023-50846 SQL Injection vulnerability in Metagauss Registrationmagic
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5.
network
low complexity
metagauss CWE-89
7.2
7.2
2023-11-30 CVE-2023-47645 Unspecified vulnerability in Metagauss Registrationmagic
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.
network
low complexity
metagauss
8.8
8.8