452 matches found
CVE-2025-49980
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...
CVE-2025-49980
Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...
CVE-2025-49980
CVE-2025-49980 concerns the WordPress plugin WP User Profile Avatar (affected: versions up to 1.0.6) and is a Missing Authorization / broken access control vulnerability. The CVE describes an exposure where access control is misconfigured, enabling exploitation via unauthorized actions. Public so...
PT-2025-26348 · WordPress +1 · Wp User Profile Avatar +1
Name of the Vulnerable Software and Affected Versions: WP User Profile Avatar versions 1.0.0 through 1.0.6 Description: The issue is related to a Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar, which allows exploiting incorrectly configured access control security...
WordPress WP Event Manager Improper Filename Control Vulnerability
WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. A filename miscontrol vulnerability exists in WordPress WP Event...
CVE-2025-48125
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...
WordPress WpEvently plugin <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by siavashvafshar in WordPress Plugin WpEvently versions = 4.4.2...
CVE-2025-48125
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...
CVE-2025-48125 WordPress WP Event Manager plugin <= 3.1.51 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...
CVE-2025-48125
WP Event Manager plugin for WordPress (versions 3.1.49 and earlier) is affected by CVE-2025-48125 due to improper control of filename for include/require in a PHP program, enabling Local File Inclusion (LFI) / PHP Remote File Inclusion under a PHP context. Exploitation context indicates a remote ...
PT-2025-24514 · WordPress · Wp Event Manager
Name of the Vulnerable Software and Affected Versions: WP Event Manager versions 3.1.49 and earlier Description: The issue affects WP Event Manager, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File...
WordPress plugin WP Event Manager 安全漏洞
WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. A filename miscontrol vulnerability exists in WordPress WP Event...
CVE-2024-49703
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress.This issue affects WpEvently: from n/a through = 4.2.5...
CVE-2024-1122
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...
CVE-2024-0976
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...
CVE-2024-53721
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stachethemes Advanced Event Manager advanced-event-manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through = 1.1.6...
CVE-2023-28422
Auth. admin+ Stored Cross-site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce = 3.8.6. versions...
CVE-2023-4423
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2023-0144
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-52118
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.This issue affects WP User Profile Avatar: from n/a through 1.0...