Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Metagauss — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting Metagauss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metagauss operates as a cybersecurity firm specializing in automated penetration testing and vulnerability assessment services. Its primary offering involves scanning enterprise networks to identify security weaknesses, providing clients with actionable reports on potential entry points. Historically, the company’s infrastructure and associated platforms have been linked to a significant number of Common Vulnerabilities and Exposures, totaling 101 recorded CVEs. These vulnerabilities predominantly stem from common web application flaws, including remote code execution, cross-site scripting, and improper access control mechanisms. While specific major public incidents involving data breaches directly attributed to Metagauss are not widely documented in mainstream news, the high volume of CVEs suggests systemic issues in their software development lifecycle or third-party dependencies. Security researchers often highlight these findings as cautionary examples of how automated security tools themselves can become attack vectors if not rigorously maintained and patched against known exploit patterns.

Top products by Metagauss: ProfileGrid ProfileGrid – User Profiles, Groups and Communities EventPrime – Events Calendar, Bookings and Tickets RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login EventPrime Download Plugin Download Theme Event Kikfyre
CVE IDTitleCVSSSeverityPublished
CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite — EventPrime – Events Calendar, Bookings and TicketsCWE-862 6.5 Medium2024-03-09
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending — EventPrime – Events Calendar, Bookings and TicketsCWE-862 4.3 Medium2024-03-09
CVE-2023-51509 WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-79 7.1 High2024-02-01
CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key — ProfileGrid – User Profiles, Groups and CommunitiesCWE-321 4.9 Medium2023-08-31
CVE-2023-3714 ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 7.5 High2023-07-18
CVE-2023-3403 ProfileGrid <= 5.5.1 - Missing Authorization to User Import — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 5.4 Medium2023-07-18
CVE-2023-3713 ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update — ProfileGrid – User Profiles, Groups and CommunitiesCWE-862 8.8 High2023-07-18
CVE-2022-38062 WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) — Download ThemeCWE-352 4.3 Medium2023-07-17
CVE-2022-36345 WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) — Download PluginCWE-352 4.3 Medium2023-05-28
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-639 6.6 Medium2023-05-16
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-288 9.8 Critical2023-05-16

This page lists every published CVE security advisory associated with Metagauss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.