Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Metagauss Subscribe
Total 46 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8435 1 Metagauss 1 Registrationmagic 2022-01-21 5.5 MEDIUM 8.1 HIGH
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
CVE-2020-9458 1 Metagauss 1 Registrationmagic 2022-01-21 6.5 MEDIUM 8.8 HIGH
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
CVE-2020-9457 1 Metagauss 1 Registrationmagic 2022-01-21 6.5 MEDIUM 8.8 HIGH
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
CVE-2020-9456 1 Metagauss 1 Registrationmagic 2022-01-21 6.5 MEDIUM 8.8 HIGH
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
CVE-2020-9455 1 Metagauss 1 Registrationmagic 2022-01-21 4.0 MEDIUM 4.3 MEDIUM
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
CVE-2020-9454 1 Metagauss 1 Registrationmagic 2022-01-21 6.8 MEDIUM 8.8 HIGH
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.