205 matches found
WordPress plugin Eventin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-28585 · Eventin · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions n/a...
CVE-2024-37507
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...
CVE-2024-37507
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...
CVE-2024-37507 WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...
CVE-2024-37507
CVE-2024-37507 is a stored XSS in the Themewinter Eventin WordPress plugin, affecting Eventin versions up to 3.3.57. Root cause: Improper neutralization of input during web page generation. Exploitation requires authentication; impact is stored XSS on affected pages. Remediation: update to a fixe...
CVE-2024-37507 WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...
PT-2024-27613 · Eventin · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions 3.3.57 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...
CVE-2024-6033
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...
CVE-2024-6033
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...
CVE-2024-6033
CVE-2024-6033 concerns WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The advisory states a missing capability check on the import_file function across all versions up to and including 4.0.4, enabling authenticated attackers with Contributor-level access and ab...
WordPress Eventin plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import vulnerability
Missing Authorization to Authenticated Contributor+ Event Data Import vulnerability discovered by Peter Thaleikis in WordPress Plugin Eventin versions = 4.0.4...
WordPress Eventin Plugin <= 4.0.4 is vulnerable to Broken Access Control
Software Eventin Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6033 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a6bb73df9d9 Credits Peter Thaleikis Required privilege...
PT-2024-37332 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to unauthorized data importation due to a missing capability check on the import file function. This allows authenticated attackers with...
WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Eventin versions = 3.3.57...
WordPress Eventin Plugin <= 3.3.57 is vulnerable to Cross Site Scripting (XSS)
Software Eventin Type Plugin Vulnerable versions = 3.3.57 Fixed in 4.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37507 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0209c1693be3 Credits justakazh Required privilege Author Published...
WordPress Eventin Plugin <= 3.3.50 is vulnerable to Broken Access Control
Software Eventin Type Plugin Vulnerable versions = 3.3.50 Fixed in 3.3.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1122 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a2c7fec8c772 Credits Francesco Carlucci Required privileg...
CVE-2024-1122
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...
Design/Logic Flaw
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...
CVE-2024-1122 Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...