Vulnerabilities > Metagauss > Registrationmagic > 4.5.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-01 | CVE-2023-51509 | Cross-site Scripting vulnerability in Metagauss Registrationmagic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1. | 6.1 |
| 2023-12-28 | CVE-2023-50846 | SQL Injection vulnerability in Metagauss Registrationmagic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. | 7.2 |
| 2023-11-30 | CVE-2023-47645 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrationmagic Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. | 8.8 |
| 2023-05-16 | CVE-2023-2499 | Improper Authentication vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. | 9.8 |
| 2023-05-16 | CVE-2023-2548 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. | 7.2 |
| 2023-03-13 | CVE-2023-25991 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Registrationmagic Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. | 8.8 |
| 2022-03-07 | CVE-2022-0420 | SQL Injection vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks | 6.5 |
| 2022-02-01 | CVE-2021-24648 | Cross-site Scripting vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting | 4.3 |
| 2022-01-10 | CVE-2021-24862 | SQL Injection vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | 6.5 |
| 2021-12-14 | CVE-2021-4073 | Improper Authentication vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. | 6.8 |