MetagaussCVEs & Vulnerabilities

104 CVEs affecting Metagauss products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

profilegrid 35registrationmagic 34eventprime 27download plugin 5leadmagic 1download theme 1themeflection numbers 1
CVE-2020-8436MEDIUM

XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.

12 Mar 2020
6.1
CVSS
CVE-2020-8435HIGH

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.

12 Mar 2020
8.1
CVSS
CVE-2020-9458HIGH

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.

6 Mar 2020
8.8
CVSS
CVE-2020-9457HIGH

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.

6 Mar 2020
8.8
CVSS
CVE-2020-9456HIGH

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.

6 Mar 2020
8.8
CVSS
CVE-2020-9455MEDIUM

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.

6 Mar 2020
4.3
CVSS
CVE-2020-9454HIGH

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.

6 Mar 2020
8.8
CVSS
CVE-2019-15873HIGH

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

3 Sep 2019
8.8
CVSS
← PrevPage 3 / 3Next →
Metagauss CVEs & Vulnerabilities — 104 Tracked — Page 3