251 matches found
WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive...
WordPress ProfileGrid <5.1.1 - Cross-Site Scripting
WordPress ProfileGrid plugin prior to 5.1.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...
CVE-2026-25417
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...
CVE-2026-24373
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...
EUVD-2026-15723
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...
EUVD-2026-15569
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation.This issue affects RegistrationMagic: from n/a through = 6.0.7.1...
EUVD-2026-15573
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...
CVE-2026-25417
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...
CVE-2026-24378
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...
CVE-2025-69358
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.6.0...
PT-2026-28012
Name of the Vulnerable Software and Affected Versions RegistrationMagic versions prior to 6.0.7.7 Description A missing authorization flaw exists in the RegistrationMagic custom-registration-form-builder-with-submission-manager. This issue allows exploitation of incorrectly configured access...
PT-2026-27855
Name of the Vulnerable Software and Affected Versions Metagauss RegistrationMagic versions through 6.0.7.1 Description An incorrect privilege assignment exists in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager, allowing for privilege escalation. The issue...
PT-2026-27808
Name of the Vulnerable Software and Affected Versions Metagauss EventPrime versions n/a through 4.2.6.0 Description A missing authorization flaw exists in Metagauss EventPrime eventprime-event-calendar-management. This issue allows exploitation of incorrectly configured access control security...
PT-2026-27857
Name of the Vulnerable Software and Affected Versions Metagauss EventPrime versions through 4.2.8.0 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts the eventprime-event-calendar-management component...
PT-2026-27943
Name of the Vulnerable Software and Affected Versions Metagauss ProfileGrid versions prior to 5.9.8.2 Description The software contains a flaw due to improper handling of input during the creation of web pages, specifically a 'cross-site scripting' issue. This allows for 'Stored XSS', where...
EUVD-2026-11891
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-32385
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through = 6.0.7.6...
CVE-2026-25389
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...
CVE-2026-25389
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...
CVE-2026-25389
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...