Search Results (148 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0889 1 Metagauss 1 Themeflection Numbers 2025-02-06 6.5 Medium
Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the default role to administrator
CVE-2023-51544 1 Metagauss 1 Registrationmagic 2025-02-04 5.3 Medium
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2023-51543 1 Metagauss 1 Registrationmagic 2025-02-04 5.3 Medium
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2024-43317 1 Metagauss 1 Registrationmagic 2025-02-04 4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0.
CVE-2023-33321 1 Metagauss 1 Eventprime 2025-02-03 5.3 Medium
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.
CVE-2024-32774 1 Metagauss 1 Profilegrid 2025-02-03 4.3 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.
CVE-2022-0232 1 Metagauss 1 Leadmagic 2025-01-31 4.8 Medium
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loader_text parameter found in the ~/includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.2.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2023-25991 1 Metagauss 1 Registrationmagic 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.
CVE-2023-4252 1 Metagauss 1 Eventprime 2024-11-21 5.3 Medium
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
CVE-2024-31275 1 Metagauss 1 Eventprime 2024-11-21 8.2 High
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
CVE-2023-52117 1 Metagauss 1 Profilegrid 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid: from n/a through 5.6.6.
CVE-2023-35884 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
CVE-2023-33326 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
CVE-2022-38062 1 Metagauss 1 Download Theme 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.
CVE-2022-36345 1 Metagauss 1 Download Plugin 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.
CVE-2022-0420 1 Metagauss 1 Registrationmagic 2024-11-21 7.2 High
The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks
CVE-2021-24862 1 Metagauss 1 Registrationmagic 2024-11-21 7.2 High
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVE-2021-24703 1 Metagauss 1 Download Plugin 2024-11-21 5.7 Medium
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwap_plugin_activate AJAX action, allowing any authenticated users, such as subscribers, to activate plugins that are already installed.
CVE-2021-24648 1 Metagauss 1 Registrationmagic 2024-11-21 6.1 Medium
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
CVE-2020-9458 1 Metagauss 1 Registrationmagic 2024-11-21 8.8 High
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.