11 matches found
CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...
PT-2025-34519 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions through 4.0.37. Description: The Eventin plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF) via the proxy image function. This allows unauthenticated attackers to make web requests to...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the redirect parameter in Commerce Catalogs. An attacker can perform administrative actions, execute arbitrary code, and alter user settings by convincing a user to follow a malicious link. Remediatio...
Exploit for CVE-2024-7703
CVE-2024-7703 markdown CVE-2024-7703 Exploit: Stored Cros...
PT-2024-38523 · Armember · Armember
Name of the Vulnerable Software and Affected Versions: The ARMember – Membership Plugin versions up to, and including, 4.0.37. Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831...
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831...
CVE-2014-1831
Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file...
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831...
CVE-2014-1832
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831...
CVE-2014-1831 CVE-2014-1832 rubygem-passenger: insecure use of temporary files
'Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.'...