54 matches found
PT-2025-1623 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions prior to 3.9.10 Description: The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with...
WordPress Eventer plugin <= 3.9.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.8...
CVE-2024-11135
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135
CVE-2024-11135 — Eventer (WordPress) SQL Injection : The WordPress Eventer plugin (up to version 3.9.8) is vulnerable to unauthenticated SQL injection via the event parameter in the eventer_get_attendees function. The issue stems from insufficient escaping and lack of prepared statements in the S...
WordPress plugin Eventer SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-1624 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions up to, and including, 3.9.8 Description: The issue concerns a SQL injection vulnerability via the event parameter in the eventer get attendees function. This vulnerability is due to insufficient escaping ...
CVE-2024-10799
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-10799
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-10799
CVE-2024-10799: Eventer (WordPress Event & Booking Manager Plugin)
CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-10799 Eventer <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
WordPress Eventer plugin <= 3.9.7 - Authenticated (Subscriber+) Arbitrary File Read vulnerability
Authenticated Subscriber+ Arbitrary File Read vulnerability discovered by Tonn in WordPress Plugin Eventer versions = 3.9.7...