Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

metagauss — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting metagauss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by metagauss:ProfileGrid – User Profiles, Groups and CommunitiesEventPrime – Events Calendar, Bookings and TicketsRegistrationMagicRegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginProfileGridEventPrimeProfileGrid Download PluginDownload ThemeEvent Kikfyre
CVE IDTitleCVSSSeverityPublished
CVE-2025-6586 Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload — Download PluginCWE-434 7.2 High2025-07-04
CVE-2025-52719 WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability — ProfileGridCWE-497 4.3 Medium2025-06-20
CVE-2025-49877 WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability — ProfileGridCWE-918 4.9 Medium2025-06-17
CVE-2025-47478 WordPress ProfileGrid plugin <= 5.9.5.0 - SQL Injection Vulnerability — ProfileGridCWE-89 8.5 High2025-05-23
CVE-2025-48079 WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability — ProfileGridCWE-862 4.3 Medium2025-05-16
CVE-2025-39586 WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability — ProfileGridCWE-89 8.5 High2025-04-17
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-79 6.4 Medium2025-04-04
CVE-2025-0724 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection — ProfileGrid – User Profiles, Groups and CommunitiesCWE-502 8.8 High2025-03-22
CVE-2025-1408 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorinzation to Authenticated (Subscriber+) Join Group Requests Management — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 4.3 Medium2025-03-22
CVE-2025-0723 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection — ProfileGrid – User Profiles, Groups and CommunitiesCWE-89 6.5 Medium2025-03-22
CVE-2024-13526 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export — EventPrime – Events Calendar, Bookings and TicketsCWE-862 4.3 Medium2025-03-07
CVE-2025-26999 WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability — ProfileGridCWE-502 8.8 High2025-03-03
CVE-2024-13740 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure — ProfileGrid – User Profiles, Groups and CommunitiesCWE-639 4.3 Medium2025-02-18
CVE-2024-13741 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery — ProfileGrid – User Profiles, Groups and CommunitiesCWE-918 5.4 Medium2025-02-18
CVE-2025-25110 WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability — Event KikfyreCWE-862 5.4 Medium2025-02-07
CVE-2025-24686 WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability — RegistrationMagicCWE-79 7.1 High2025-01-31
CVE-2024-12024 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name — EventPrime – Events Calendar, Bookings and TicketsCWE-79 7.2 High2024-12-17
CVE-2023-49831 WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability — RegistrationMagicCWE-862 9.1 -2024-12-09
CVE-2024-10900 ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 6.5 Medium2024-11-20
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-230 9.8 Critical2024-11-09
CVE-2024-9864 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting — EventPrime – Events Calendar, Bookings and TicketsCWE-79 6.1 Medium2024-10-24
CVE-2024-9865 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log — EventPrime – Events Calendar, Bookings and TicketsCWE-79 6.1 Medium2024-10-24
CVE-2024-9829 Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download — Download PluginCWE-862 6.5 Medium2024-10-23
CVE-2024-49273 WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability — ProfileGridCWE-862 4.3 Medium2024-10-21
CVE-2024-47648 WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability — EventPrimeCWE-601 4.7 Medium2024-10-10
CVE-2024-8861 ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — ProfileGrid – User Profiles, Groups and CommunitiesCWE-79 6.4 Medium2024-09-26
CVE-2024-8369 EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure — EventPrime – Events Calendar, Bookings and TicketsCWE-862 5.3 Medium2024-09-10
CVE-2024-6410 ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference — ProfileGrid – User Profiles, Groups and CommunitiesCWE-639 4.3 Medium2024-07-10
CVE-2024-6411 ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation — ProfileGrid – User Profiles, Groups and CommunitiesCWE-269 8.8 High2024-07-10
CVE-2023-52117 WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability — ProfileGridCWE-862 4.3 Medium2024-06-12

This page lists every published CVE security advisory associated with metagauss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.