Lucene search
K

54 matches found

Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.6 views

PT-2025-1623 · WordPress · Eventer

Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions prior to 3.9.10 Description: The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with...

6.5CVSS9.4AI score0.00306EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/01/29 10:23 a.m.7 views

WordPress Eventer plugin <= 3.9.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.8...

7.5CVSS8.1AI score0.00446EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/28 5:15 a.m.32 views

CVE-2024-11135

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

7.5CVSS0.00446EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/28 4:21 a.m.8 views

CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

7.5CVSS7.2AI score0.00446EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/28 4:21 a.m.22 views

CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

7.5CVSS0.00446EPSS
Exploits0References2
CVE
CVE
added 2025/01/28 4:21 a.m.56 views

CVE-2024-11135

CVE-2024-11135 — Eventer (WordPress) SQL Injection : The WordPress Eventer plugin (up to version 3.9.8) is vulnerable to unauthenticated SQL injection via the event parameter in the eventer_get_attendees function. The issue stems from insufficient escaping and lack of prepared statements in the S...

7.5CVSS7.6AI score0.00446EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.9 views

WordPress plugin Eventer SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS9.2AI score0.00446EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/28 12:0 a.m.5 views

PT-2025-1624 · WordPress · Eventer

Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions up to, and including, 3.9.8 Description: The issue concerns a SQL injection vulnerability via the event parameter in the eventer get attendees function. This vulnerability is due to insufficient escaping ...

7.5CVSS9.7AI score0.00446EPSS
Exploits0References9
OSV
OSV
added 2025/01/17 6:15 a.m.5 views

CVE-2024-10799

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...

6.5CVSS5.9AI score0.00714EPSS
Exploits0References2
NVD
NVD
added 2025/01/17 6:15 a.m.11 views

CVE-2024-10799

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...

6.5CVSS0.00714EPSS
Exploits0References2
CVE
CVE
added 2025/01/17 5:29 a.m.58 views

CVE-2024-10799

CVE-2024-10799: Eventer (WordPress Event & Booking Manager Plugin)

6.5CVSS6.2AI score0.00714EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/17 5:29 a.m.6 views

CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...

6.5CVSS6.9AI score0.00714EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/17 5:29 a.m.19 views

CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...

6.5CVSS0.00714EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/16 7:25 p.m.4 views

WordPress Eventer plugin <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read vulnerability

Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Eventer versions = 3.9.7...

6.5CVSS7AI score0.00714EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder