Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Metagauss — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting Metagauss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Metagauss:ProfileGrid – User Profiles, Groups and CommunitiesEventPrime – Events Calendar, Bookings and TicketsRegistrationMagicRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginProfileGridEventPrimeProfileGrid Download PluginDownload ThemeEvent Kikfyre
CVE IDTitleCVSSSeverityPublished
CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability — RegistrationMagicCWE-862 8.1 -2026-03-25
CVE-2026-25417 WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability — ProfileGridCWE-79 6.5 Medium2026-03-25
CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability — EventPrimeCWE-502 9.8 Critical2026-03-25
CVE-2026-24373 WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability — RegistrationMagicCWE-266 8.1 High2026-03-25
CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability — EventPrimeCWE-862 7.5 High2026-03-25
CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability — EventPrimeCWE-862 7.1 -2026-03-19
CVE-2026-32385 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability — RegistrationMagicCWE-862 8.1 -2026-03-13
CVE-2026-2488 ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 4.3 Medium2026-03-07
CVE-2026-2494 ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial — ProfileGrid – User Profiles, Groups and CommunitiesCWE-352 4.3 Medium2026-03-07
CVE-2026-25389 WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability — EventPrimeCWE-497 6.2AIMediumAI2026-02-19
CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-345 5.3 Medium2026-02-18
CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter — EventPrime – Events Calendar, Bookings and TicketsCWE-862 4.3 Medium2026-02-18
CVE-2026-1657 EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint — EventPrime – Events Calendar, Bookings and TicketsCWE-862 5.3 Medium2026-02-17
CVE-2026-1271 ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification — ProfileGrid – User Profiles, Groups and CommunitiesCWE-639 5.3 Medium2026-02-05
CVE-2025-13416 ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 4.3 Medium2026-02-05
CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-862 5.3 Medium2026-01-28
CVE-2026-24380 WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability — EventPrimeCWE-862 5.3 Medium2026-01-22
CVE-2026-24374 WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability — RegistrationMagicCWE-352 5.4 Medium2026-01-22
CVE-2025-15403 RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-269 9.8 Critical2026-01-17
CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API — EventPrime – Events Calendar, Bookings and TicketsCWE-200 5.3 Medium2026-01-13
CVE-2025-13610 RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-79 6.4 Medium2025-12-15
CVE-2025-63007 WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability — EventPrimeCWE-201 5.5AIMediumAI2025-12-09
CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability — EventPrimeCWE-862 4.3 Medium2025-12-09
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation — EventPrime – Events Calendar, Bookings and TicketsCWE-862 4.3 Medium2025-11-08
CVE-2017-20208 RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-502 9.8 Critical2025-10-18
CVE-2025-11204 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-89 7.2 High2025-10-08
CVE-2025-4957 WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability — ProfileGridCWE-79 7.1 High2025-09-26
CVE-2025-49033 WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability — ProfileGridCWE-89 8.5 High2025-08-14
CVE-2025-49876 WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability — ProfileGridCWE-89 8.5 High2025-07-16
CVE-2025-6977 ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function — ProfileGrid – User Profiles, Groups and CommunitiesCWE-79 6.1 Medium2025-07-16

This page lists every published CVE security advisory associated with Metagauss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.