Latest medium severity vulnerabilities for vendor "metagauss"

Kikfyre Event Plugin for WordPressWordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability

medium

5.4

EPSS

0.04%

First published (updated )

CVE-2025-25110

Metagauss EventPrimeEventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting

medium

6.1

EPSS

0.05%

First published (updated )

CVE-2024-9864

Metagauss EventPrimeEventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log

medium

6.1

EPSS

0.05%

First published (updated )

CVE-2024-9865

Metagauss Download PluginDownload Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download

medium

6.5

EPSS

0.06%

First published (updated )

CVE-2024-9829

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability

medium

6.5

First published (updated )

CVE-2024-49273

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Metagauss ProfileGridProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

medium

6.4

EPSS

0.05%

First published (updated )

CVE-2024-8861

Metagauss EventPrimeEventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure

medium

5.3

EPSS

0.05%

First published (updated )

CVE-2024-8369

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability

medium

6.1

First published (updated )

CVE-2024-43317

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability

medium

6.1

First published (updated )

CVE-2024-39643

Metagauss ProfileGridProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

medium

4.3

EPSS

0.07%

First published (updated )

CVE-2024-6410

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability

medium

6.3

First published (updated )

CVE-2023-52117

Metagauss ProfileGridProfileGrid <= 5.8.6 - Missing Authorization

medium

4.3

EPSS

0.05%

First published (updated )

CVE-2024-5453

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability

medium

5.3

First published (updated )

CVE-2023-51544

EventPrimeWordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

medium

5.3

First published (updated )

CVE-2023-33321

Metagauss ProfileGridThe ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnera…

medium

4.3

EPSS

0.04%

First published (updated )

CVE-2024-3606

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection

medium

6.5

First published (updated )

CVE-2023-23989

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability

medium

6.5

EPSS

0.04%

First published (updated )

CVE-2024-30513

EventPrimeWordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability

medium

5.9

EPSS

0.04%

First published (updated )

CVE-2024-29776

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

medium

4.3

EPSS

0.04%

First published (updated )

CVE-2024-2951

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

medium

5.3

First published (updated )

CVE-2024-1126

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment…

medium

5.3

First published (updated )

CVE-2024-1321

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

medium

4.3

First published (updated )

CVE-2024-1127

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

medium

6.5

First published (updated )

CVE-2024-1125

Metagauss EventPrimeXSS

medium

6.5

First published (updated )

CVE-2024-1320

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

medium

6.5

First published (updated )

CVE-2024-1123

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

medium

4.3

First published (updated )

CVE-2024-1124

Metagauss EventPrimeEventPrime < 3.3.6 - Unauthenticated Event Access

medium

5.3

First published (updated )

CVE-2023-6447

Metagauss EventPrimeEventPrime <= 3.2.9 - Booking Pricing Bypass

medium

5.3

First published (updated )

CVE-2023-4252

Metagauss EventPrimeEventPrime < 3.2.0 - Reflected XSS

medium

6.1

First published (updated )

CVE-2023-4250

Metagauss EventPrimeEventPrime < 3.2.0 - Booking Creation via CSRF

medium

4.3

First published (updated )

CVE-2023-4251

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Software

Kikfyre Event Plugin for WordPressWordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability

Metagauss EventPrimeEventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting

Metagauss EventPrimeEventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log

Metagauss Download PluginDownload Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability

Never miss a vulnerability like this again

Metagauss ProfileGridProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Metagauss EventPrimeEventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability

Metagauss ProfileGridProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference

Never miss a vulnerability like this again

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability

Metagauss ProfileGridProfileGrid <= 5.8.6 - Missing Authorization

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability

EventPrimeWordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

Metagauss ProfileGridThe ProfileGrid – User Profiles, Memberships, Groups and Communities plugin for WordPress is vulnera…

Never miss a vulnerability like this again

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection

Metagauss ProfileGridWordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability

EventPrimeWordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability

RegistrationMagic User Registration PluginWordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

Never miss a vulnerability like this again

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment…

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

Metagauss EventPrimeXSS

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

Never miss a vulnerability like this again

Metagauss EventPrimeThe EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unautho…

Metagauss EventPrimeEventPrime < 3.3.6 - Unauthenticated Event Access

Metagauss EventPrimeEventPrime <= 3.2.9 - Booking Pricing Bypass

Metagauss EventPrimeEventPrime < 3.2.0 - Reflected XSS

Metagauss EventPrimeEventPrime < 3.2.0 - Booking Creation via CSRF

Never miss a vulnerability like this again

Company

Resources

Contact