Filtered by vendor Metagauss
Subscribe
Total
49 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24862 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue | |||||
CVE-2020-8436 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. | |||||
CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
CVE-2020-9455 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | |||||
CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | |||||
CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | |||||
CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | |||||
CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | |||||
CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. |