Vulnerabilities > Metagauss
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-29 | CVE-2024-30513 | Unspecified vulnerability in Metagauss Profilegrid Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2. | 6.5 |
| 2024-03-29 | CVE-2024-30490 | Unspecified vulnerability in Metagauss Profilegrid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 9.8 |
| 2024-03-29 | CVE-2024-30491 | Unspecified vulnerability in Metagauss Profilegrid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8. | 8.8 |
| 2024-03-28 | CVE-2024-30241 | Unspecified vulnerability in Metagauss Profilegrid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1. | 8.8 |
| 2024-03-26 | CVE-2024-2951 | Unspecified vulnerability in Metagauss Registrationmagic Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.3.0.0. | 4.3 |
| 2024-03-23 | CVE-2024-24832 | Unspecified vulnerability in Metagauss Eventprime Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | 7.5 |
| 2024-03-19 | CVE-2024-29113 | Unspecified vulnerability in Metagauss Registrationmagic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9. | 6.1 |
| 2024-03-13 | CVE-2024-1126 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. | 4.3 |
| 2024-03-09 | CVE-2024-1125 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. | 5.3 |
| 2024-03-09 | CVE-2024-1320 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. | 6.1 |