Vulnerabilities > Metagauss > Registrationmagic > 4.6.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2021-24862 | Unspecified vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | 7.2 |
| 2021-12-14 | CVE-2021-4073 | Unspecified vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. | 8.1 |