Filtered by vendor Metagauss
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9458 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. | ||||
| CVE-2020-9457 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 8.8 High |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation. | ||||
| CVE-2020-9456 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 8.8 High |
| In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. | ||||
| CVE-2020-9455 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 4.3 Medium |
| The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. | ||||
| CVE-2020-9454 | 1 Metagauss | 1 Registrationmagic | 2022-01-21 | 8.8 High |
| A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms. | ||||