Vulnerabilities in metagauss

106 results

CVE-2024-1124MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email SendingEPSS 0.3%CVE-2024-8861MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-1271MEDIUMProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image ModificationEPSS 0.3%CVE-2025-69358HIGHWordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-49273MEDIUMWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.3%CVE-2023-52117MEDIUMWordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-9864MEDIUMEventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.3%CVE-2026-32498HIGHWordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-13416MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User SuspensionEPSS 0.3%CVE-2026-1655MEDIUMEventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' ParameterEPSS 0.3%CVE-2025-2836MEDIUMRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2025-1408MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests ManagementEPSS 0.3%CVE-2025-39586HIGHWordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection VulnerabilityEPSS 0.3%CVE-2025-6977MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' functionEPSS 0.3%CVE-2024-13526MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees ExportEPSS 0.3%CVE-2022-36345MEDIUMWordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2026-4608MEDIUMProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' ParameterEPSS 0.3%CVE-2024-13740MEDIUMProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages DisclosureEPSS 0.3%CVE-2024-1321MEDIUMEventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment BypassEPSS 0.3%CVE-2022-38062MEDIUMWordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%

← previouspage 4 / 6next →