| CVE-2024-30241 | WordPress ProfileGrid – User Profiles, Memberships, Groups and Communities plugin <= 5.7.1 - Contributor+ SQL Injection vulnerability | Metagauss | ProfileGrid | High | 8.5 | 2024-03-28 04:36:29 | Deep Dive |
| CVE-2024-29776 | WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability | Metagauss | EventPrime | Medium | 5.9 | 2024-03-27 12:48:27 | Deep Dive |
| CVE-2024-2951 | WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability | Metagauss | RegistrationMagic | Medium | 4.3 | 2024-03-26 18:03:42 | Deep Dive |
| CVE-2024-24832 | WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability | Metagauss | EventPrime | High | 8.2 | 2024-03-23 14:53:19 | Deep Dive |
| CVE-2024-25935 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability | Metagauss | RegistrationMagic | Medium | 4.3 | 2024-03-21 17:31:23 | Deep Dive |
| CVE-2024-29113 | WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability | Metagauss | RegistrationMagic | High | 7.1 | 2024-03-19 15:00:36 | Deep Dive |
| CVE-2024-1126 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-13 15:27:17 | Deep Dive |
| CVE-2024-1321 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2024-03-13 15:26:57 | Deep Dive |
| CVE-2024-1127 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-13 15:26:44 | Deep Dive |
| CVE-2024-1125 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.4 | 2024-03-09 07:01:10 | Deep Dive |
| CVE-2024-1320 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.5 | 2024-03-09 07:01:10 | Deep Dive |
| CVE-2024-1123 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.5 | 2024-03-09 07:01:09 | Deep Dive |
| CVE-2024-1124 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-09 07:01:05 | Deep Dive |
| CVE-2023-51509 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) | Metagauss | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | High | 7.1 | 2024-02-01 11:24:54 | Deep Dive |
| CVE-2023-3404 | ProfileGrid <= 5.5.0 - Hardcoded Encryption Key | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 4.9 | 2023-08-31 05:33:10 | Deep Dive |
| CVE-2023-3403 | ProfileGrid <= 5.5.1 - Missing Authorization to User Import | metagauss | ProfileGrid – User Profiles, Groups and Communities | Medium | 5.4 | 2023-07-18 02:39:26 | Deep Dive |
| CVE-2023-3714 | ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation | metagauss | ProfileGrid – User Profiles, Groups and Communities | High | 7.5 | 2023-07-18 02:39:26 | Deep Dive |
| CVE-2023-3713 | ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update | metagauss | ProfileGrid – User Profiles, Groups and Communities | High | 8.8 | 2023-07-18 02:39:25 | Deep Dive |
| CVE-2022-38062 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) | Metagauss | Download Theme | Medium | 4.3 | 2023-07-17 15:20:53 | Deep Dive |
| CVE-2022-36345 | WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | Metagauss | Download Plugin | Medium | 4.3 | 2023-05-28 19:05:18 | Deep Dive |