Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

WordPress plugin Event Monster – Event Management, Events Calendar, Tickets 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

CVE-2026-8608

The CVE affects the WordPress plugin “Event Monster” (Event Monster – Event Management, Events Calendar, Tickets) up to version 2.1.0. The root cause is Insufficient Verification of Data Authenticity in the capture_payment() AJAX handler (wp_ajax_nopriv_em_capture_payment), which trusts client-su...

EUVD-2022-42723

Malicious code in bioql PyPI...

EUVD-2024-17617

Malicious code in bioql PyPI...

EUVD-2022-43077

Malicious code in bioql PyPI...

CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

WordPress Event Monster 1.4.3 Information Disclosure Vulnerability

CVE-2024-11396 Event monster = 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Expor...

CVE-2024-11396

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

WordPress Event Monster 1.4.3 Information Disclosure

WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. CVE-2024-11396 Event monster = 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress ...

CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

CVE-2024-11396

CVE-2024-11396 : The WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event (versions up to 1.4.3) allows information exposure via the Visitors List Export. During export, a CSV is created in wp-content with a public filename, letting unauthenticated attackers access v...

CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

WordPress plugin Event Monster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

CVE-2024-5059 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0...

WordPress Event Monster Plugin <= 1.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Event Management Tickets Booking versions = 1.4.3...