metagauss — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting metagauss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Metagauss operates as a cybersecurity firm specializing in automated penetration testing and vulnerability assessment services. Its primary offering involves scanning enterprise networks to identify security weaknesses, providing clients with actionable reports on potential entry points. Historically, the company’s infrastructure and associated platforms have been linked to a significant number of Common Vulnerabilities and Exposures, totaling 101 recorded CVEs. These vulnerabilities predominantly stem from common web application flaws, including remote code execution, cross-site scripting, and improper access control mechanisms. While specific major public incidents involving data breaches directly attributed to Metagauss are not widely documented in mainstream news, the high volume of CVEs suggests systemic issues in their software development lifecycle or third-party dependencies. Security researchers often highlight these findings as cautionary examples of how automated security tools themselves can become attack vectors if not rigorously maintained and patched against known exploit patterns.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32498 | WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability | RegistrationMagic | CWE-862 | 7.5 | High | 2026-03-25 |
| CVE-2026-25417 | WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability | ProfileGrid | CWE-79 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-24378 | WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability | EventPrime | CWE-502 | 9.8 | Critical | 2026-03-25 |
| CVE-2026-24373 | WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability | RegistrationMagic | CWE-266 | 8.1 | High | 2026-03-25 |
| CVE-2025-69358 | WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability | EventPrime | CWE-862 | 7.5 | High | 2026-03-25 |
| CVE-2026-25312 | WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability | EventPrime | CWE-862 | 7.5 | High | 2026-03-19 |
| CVE-2026-32385 | WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability | RegistrationMagic | CWE-862 | 5.4 | Medium | 2026-03-13 |
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion | ProfileGrid – User Profiles, Groups and Communities | CWE-862 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-2494 | ProfileGrid <= 5.9.8.2 - Cross-Site Request Forgery to Group Membership Request Approval/Denial | ProfileGrid – User Profiles, Groups and Communities | CWE-352 | 4.3 | Medium | 2026-03-07 |
| CVE-2026-25389 | WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability | EventPrime | CWE-497 | 5.3 | Medium | 2026-02-19 |
| CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-345 | 5.3 | Medium | 2026-02-18 |
| CVE-2026-1655 | EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter | EventPrime – Events Calendar, Bookings and Tickets | CWE-862 | 4.3 | Medium | 2026-02-18 |
| CVE-2026-1657 | EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint | EventPrime – Events Calendar, Bookings and Tickets | CWE-862 | 5.3 | Medium | 2026-02-17 |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | ProfileGrid – User Profiles, Groups and Communities | CWE-639 | 5.3 | Medium | 2026-02-05 |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | ProfileGrid – User Profiles, Groups and Communities | CWE-862 | 4.3 | Medium | 2026-02-05 |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-862 | 5.3 | Medium | 2026-01-28 |
| CVE-2026-24380 | WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability | EventPrime | CWE-862 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-24374 | WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability | RegistrationMagic | CWE-352 | 5.4 | Medium | 2026-01-22 |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-269 | 9.8 | Critical | 2026-01-17 |
| CVE-2025-14507 | EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API | EventPrime – Events Calendar, Bookings and Tickets | CWE-200 | 5.3 | Medium | 2026-01-13 |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-63007 | WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability | EventPrime | CWE-201 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63006 | WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability | EventPrime | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation | EventPrime – Events Calendar, Bookings and Tickets | CWE-862 | 4.3 | Medium | 2025-11-08 |
| CVE-2017-20208 | RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-502 | 9.8 | Critical | 2025-10-18 |
| CVE-2025-11204 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | CWE-89 | 7.2 | High | 2025-10-08 |
| CVE-2025-4957 | WordPress ProfileGrid plugin <= 5.9.5.7 - Reflected Cross Site Scripting (XSS) vulnerability | ProfileGrid | CWE-79 | 7.1 | High | 2025-09-26 |
| CVE-2025-49033 | WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability | ProfileGrid | CWE-89 | 8.5 | High | 2025-08-14 |
| CVE-2025-49876 | WordPress ProfileGrid plugin <= 5.9.5.2 - SQL Injection vulnerability | ProfileGrid | CWE-89 | 8.5 | High | 2025-07-16 |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function | ProfileGrid – User Profiles, Groups and Communities | CWE-79 | 6.1 | Medium | 2025-07-16 |

This page lists every published CVE security advisory associated with metagauss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.