High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-28	CVE-2023-50846	SQL Injection vulnerability in Metagauss Registrationmagic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5. network low complexity metagauss CWE-89	7.2
2023-11-30	CVE-2023-47645	Unspecified vulnerability in Metagauss Registrationmagic Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6. network low complexity metagauss	8.8
2023-05-16	CVE-2023-2548	Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. network low complexity metagauss CWE-639	7.2
2023-03-13	CVE-2023-25991	Unspecified vulnerability in Metagauss Registrationmagic Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. network low complexity metagauss	8.8
2022-03-07	CVE-2022-0420	SQL Injection vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks network low complexity metagauss CWE-89	7.2
2022-01-10	CVE-2021-24862	Unspecified vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue network low complexity metagauss	7.2
2021-12-14	CVE-2021-4073	Unspecified vulnerability in Metagauss Registrationmagic The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. network high complexity metagauss	8.1
2020-03-12	CVE-2020-8435	SQL Injection vulnerability in Metagauss Registrationmagic 4.6.0.0 An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. network low complexity metagauss CWE-89	8.1
2020-03-06	CVE-2020-9458	Missing Authorization vulnerability in Metagauss Registrationmagic In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. network low complexity metagauss CWE-862	8.8
2020-03-06	CVE-2020-9457	Missing Authorization vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. network low complexity metagauss CWE-862	8.8