Lucene search
K

452 matches found

RedhatCVE
RedhatCVE
added 2025/06/23 8:40 a.m.10 views

CVE-2025-49980

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2025/06/20 3:15 p.m.11 views

CVE-2025-49980

Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar wp-user-profile-avatar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Profile Avatar: from n/a through = 1.0.6...

4.3CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 2025/06/20 3:4 p.m.20 views

CVE-2025-49980

CVE-2025-49980 concerns the WordPress plugin WP User Profile Avatar (affected: versions up to 1.0.6) and is a Missing Authorization / broken access control vulnerability. The CVE describes an exposure where access control is misconfigured, enabling exploitation via unauthorized actions. Public so...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/20 12:0 a.m.5 views

PT-2025-26348 · WordPress +1 · Wp User Profile Avatar +1

Name of the Vulnerable Software and Affected Versions: WP User Profile Avatar versions 1.0.0 through 1.0.6 Description: The issue is related to a Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar, which allows exploiting incorrectly configured access control security...

4.3CVSS6.1AI score0.00242EPSS
Exploits0References4
CNVD
CNVD
added 2025/06/13 12:0 a.m.3 views

WordPress WP Event Manager Improper Filename Control Vulnerability

WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. A filename miscontrol vulnerability exists in WordPress WP Event...

8.1CVSS7.9AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/11 4:3 p.m.6 views

CVE-2025-48125

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...

8.1CVSS5.9AI score0.00434EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/09 7:10 p.m.7 views

WordPress WpEvently plugin <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by siavashvafshar in WordPress Plugin WpEvently versions = 4.4.2...

6.4CVSS5.5AI score0.00216EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/06/09 4:15 p.m.11 views

CVE-2025-48125

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...

8.1CVSS0.00434EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 3:54 p.m.10 views

CVE-2025-48125 WordPress WP Event Manager plugin <= 3.1.51 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager: from n/a through = 3.1.51...

8.1CVSS0.00434EPSS
Exploits0References1
CVE
CVE
added 2025/06/09 3:54 p.m.60 views

CVE-2025-48125

WP Event Manager plugin for WordPress (versions 3.1.49 and earlier) is affected by CVE-2025-48125 due to improper control of filename for include/require in a PHP program, enabling Local File Inclusion (LFI) / PHP Remote File Inclusion under a PHP context. Exploitation context indicates a remote ...

8.1CVSS5.9AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.5 views

PT-2025-24514 · WordPress · Wp Event Manager

Name of the Vulnerable Software and Affected Versions: WP Event Manager versions 3.1.49 and earlier Description: The issue affects WP Event Manager, allowing PHP Local File Inclusion due to improper control of filename for include/require statement in PHP program, also known as 'PHP Remote File...

8.1CVSS6.5AI score0.00434EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.5 views

WordPress plugin WP Event Manager 安全漏洞

WordPress WP Event Manager is an event management plugin designed specifically for WordPress that allows users to create, manage and promote various types of events including conferences, seminars, exhibitions, parties and more. A filename miscontrol vulnerability exists in WordPress WP Event...

8.1CVSS7.3AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:26 a.m.6 views

CVE-2024-49703

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress.This issue affects WpEvently: from n/a through = 4.2.5...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.13 views

CVE-2024-1122

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...

5.3CVSS6.7AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:25 a.m.8 views

CVE-2024-0976

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS6.4AI score0.00592EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:14 a.m.8 views

CVE-2024-53721

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stachethemes Advanced Event Manager advanced-event-manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through = 1.1.6...

6.5CVSS7.2AI score0.003EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:2 a.m.5 views

CVE-2023-28422

Auth. admin+ Stored Cross-site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce = 3.8.6. versions...

5.9CVSS5.9AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:54 a.m.6 views

CVE-2023-4423

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible f...

4.8CVSS6AI score0.0051EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.8 views

CVE-2023-0144

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00477EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:23 a.m.9 views

CVE-2023-52118

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.This issue affects WP User Profile Avatar: from n/a through 1.0...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder