Metagauss — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting Metagauss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metagauss operates as a cybersecurity firm specializing in automated penetration testing and vulnerability assessment services. Its primary offering involves scanning enterprise networks to identify security weaknesses, providing clients with actionable reports on potential entry points. Historically, the company’s infrastructure and associated platforms have been linked to a significant number of Common Vulnerabilities and Exposures, totaling 101 recorded CVEs. These vulnerabilities predominantly stem from common web application flaws, including remote code execution, cross-site scripting, and improper access control mechanisms. While specific major public incidents involving data breaches directly attributed to Metagauss are not widely documented in mainstream news, the high volume of CVEs suggests systemic issues in their software development lifecycle or third-party dependencies. Security researchers often highlight these findings as cautionary examples of how automated security tools themselves can become attack vectors if not rigorously maintained and patched against known exploit patterns.

| CVE ID | Title — Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-6586 | Download Plugin <= 2.2.8 - Authenticated (Administrator+) Arbitrary File Upload — Download Plugin | CWE-434 | 7.2 | High | 2025-07-04 |
| CVE-2025-52719 | WordPress ProfileGrid plugin <= 5.9.5.2 - Full Path Disclosure (FPD) Vulnerability — ProfileGrid | CWE-497 | 4.3 | Medium | 2025-06-20 |
| CVE-2025-49877 | WordPress ProfileGrid plugin <= 5.9.5.2 - Server Side Request Forgery (SSRF) Vulnerability — ProfileGrid | CWE-918 | 4.9 | Medium | 2025-06-17 |
| CVE-2025-47478 | WordPress ProfileGrid plugin <= 5.9.5.0 - SQL Injection Vulnerability — ProfileGrid | CWE-89 | 8.5 | High | 2025-05-23 |
| CVE-2025-48079 | WordPress ProfileGrid plugin <= 5.9.5.1 - Broken Access Control Vulnerability — ProfileGrid | CWE-862 | 4.3 | Medium | 2025-05-16 |
| CVE-2025-39586 | WordPress ProfileGrid plugin <= 5.9.4.8 - SQL Injection Vulnerability — ProfileGrid | CWE-89 | 8.5 | High | 2025-04-17 |
| CVE-2025-2836 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-79 | 6.4 | Medium | 2025-04-04 |
| CVE-2025-0724 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection — ProfileGrid – User Profiles, Groups and Communities | CWE-502 | 8.8 | High | 2025-03-22 |
| CVE-2025-1408 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.4 - Missing Authorization to Authenticated (Subscriber+) Join Group Requests Management — ProfileGrid – User Profiles, Groups and Communities | CWE-862 | 4.3 | Medium | 2025-03-22 |
| CVE-2025-0723 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.7 - Authenticated (Subscriber+) SQL Injection — ProfileGrid – User Profiles, Groups and Communities | CWE-89 | 6.5 | Medium | 2025-03-22 |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export — EventPrime – Events Calendar, Bookings and Tickets | CWE-862 | 4.3 | Medium | 2025-03-07 |
| CVE-2025-26999 | WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability — ProfileGrid | CWE-502 | 8.8 | High | 2025-03-03 |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure — ProfileGrid – User Profiles, Groups and Communities | CWE-639 | 4.3 | Medium | 2025-02-18 |
| CVE-2024-13741 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Authenticated (Subscriber+) Limited Server-Side Request Forgery — ProfileGrid – User Profiles, Groups and Communities | CWE-918 | 5.4 | Medium | 2025-02-18 |
| CVE-2025-25110 | WordPress Event Kikfyre plugin <= 2.1.8 - Broken Access Control vulnerability — Event Kikfyre | CWE-862 | 5.4 | Medium | 2025-02-07 |
| CVE-2025-24686 | WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability — RegistrationMagic | CWE-79 | 7.1 | High | 2025-01-31 |
| CVE-2024-12024 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name — EventPrime – Events Calendar, Bookings and Tickets | CWE-79 | 7.2 | High | 2024-12-17 |
| CVE-2023-49831 | WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability — RegistrationMagic | CWE-862 | 7.5 | High | 2024-12-09 |
| CVE-2024-10900 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Meta Deletion — ProfileGrid – User Profiles, Groups and Communities | CWE-862 | 6.5 | Medium | 2024-11-20 |
| CVE-2024-10508 | RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-230 | 9.8 | Critical | 2024-11-09 |
| CVE-2024-9864 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting — EventPrime – Events Calendar, Bookings and Tickets | CWE-79 | 6.1 | Medium | 2024-10-24 |
| CVE-2024-9865 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log — EventPrime – Events Calendar, Bookings and Tickets | CWE-79 | 6.1 | Medium | 2024-10-24 |
| CVE-2024-9829 | Download Plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) User Metadata and Comment Download — Download Plugin | CWE-862 | 6.5 | Medium | 2024-10-23 |
| CVE-2024-49273 | WordPress ProfileGrid plugin <= 5.9.3 - Cross Site Request Forgery (CSRF) vulnerability — ProfileGrid | CWE-862 | 4.3 | Medium | 2024-10-21 |
| CVE-2024-47648 | WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability — EventPrime | CWE-601 | 4.7 | Medium | 2024-10-10 |
| CVE-2024-8861 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — ProfileGrid – User Profiles, Groups and Communities | CWE-79 | 6.4 | Medium | 2024-09-26 |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure — EventPrime – Events Calendar, Bookings and Tickets | CWE-862 | 5.3 | Medium | 2024-09-10 |
| CVE-2024-6410 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference — ProfileGrid – User Profiles, Groups and Communities | CWE-639 | 4.3 | Medium | 2024-07-10 |
| CVE-2024-6411 | ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation — ProfileGrid – User Profiles, Groups and Communities | CWE-269 | 8.8 | High | 2024-07-10 |
| CVE-2023-52117 | WordPress ProfileGrid plugin <= 5.6.6 - Broken Access Control vulnerability — ProfileGrid | CWE-862 | 4.3 | Medium | 2024-06-12 |

This page lists every published CVE security advisory associated with Metagauss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.