Lucene search
K

205 matches found

CNNVD
CNNVD
added 2024/08/01 12:0 a.m.4 views

WordPress plugin Eventin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.9 views

PT-2024-28585 · Eventin · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions n/a...

5.9CVSS5.8AI score0.00294EPSS
Exploits0References6
NVD
NVD
added 2024/07/21 8:15 a.m.31 views

CVE-2024-37507

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...

6.5CVSS0.00277EPSS
Exploits0References1
OSV
OSV
added 2024/07/21 8:15 a.m.7 views

CVE-2024-37507

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...

5.4CVSS5.8AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/21 7:21 a.m.32 views

CVE-2024-37507 WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...

6.5CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2024/07/21 7:21 a.m.53 views

CVE-2024-37507

CVE-2024-37507 is a stored XSS in the Themewinter Eventin WordPress plugin, affecting Eventin versions up to 3.3.57. Root cause: Improper neutralization of input during web page generation. Exploitation requires authentication; impact is stored XSS on affected pages. Remediation: update to a fixe...

6.5CVSS6.5AI score0.00277EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/21 7:21 a.m.15 views

CVE-2024-37507 WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...

6.5CVSS6.8AI score0.00277EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.8 views

PT-2024-27613 · Eventin · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions 3.3.57 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versions...

6.5CVSS5.6AI score0.00277EPSS
Exploits0References6
NVD
NVD
added 2024/07/17 7:15 a.m.29 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

4.3CVSS0.00362EPSS
Exploits0References3
OSV
OSV
added 2024/07/17 7:15 a.m.6 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

4.3CVSS5.8AI score0.00362EPSS
Exploits0References3
CVE
CVE
added 2024/07/17 6:45 a.m.58 views

CVE-2024-6033

CVE-2024-6033 concerns WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The advisory states a missing capability check on the import_file function across all versions up to and including 4.0.4, enabling authenticated attackers with Contributor-level access and ab...

4.3CVSS4.7AI score0.00362EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/07/17 2:13 a.m.7 views

WordPress Eventin plugin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import vulnerability

Missing Authorization to Authenticated Contributor+ Event Data Import vulnerability discovered by Peter Thaleikis in WordPress Plugin Eventin versions = 4.0.4...

4.3CVSS7AI score0.00362EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/07/17 12:0 a.m.13 views

WordPress Eventin Plugin <= 4.0.4 is vulnerable to Broken Access Control

Software Eventin Type Plugin Vulnerable versions = 4.0.4 Fixed in 4.0.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6033 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 7a6bb73df9d9 Credits Peter Thaleikis Required privilege...

4.3CVSS6.9AI score0.00362EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/17 12:0 a.m.4 views

PT-2024-37332 · WordPress · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to unauthorized data importation due to a missing capability check on the import file function. This allows authenticated attackers with...

4.3CVSS6.6AI score0.00362EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/07/04 1:37 p.m.5 views

WordPress Eventin plugin <= 3.3.57 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Plugin Eventin versions = 3.3.57...

6.5CVSS6.1AI score0.00277EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/07/04 12:0 a.m.13 views

WordPress Eventin Plugin <= 3.3.57 is vulnerable to Cross Site Scripting (XSS)

Software Eventin Type Plugin Vulnerable versions = 3.3.57 Fixed in 4.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37507 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0209c1693be3 Credits justakazh Required privilege Author Published...

6.5CVSS6.6AI score0.00277EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.12 views

WordPress Eventin Plugin <= 3.3.50 is vulnerable to Broken Access Control

Software Eventin Type Plugin Vulnerable versions = 3.3.50 Fixed in 3.3.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1122 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a2c7fec8c772 Credits Francesco Carlucci Required privileg...

5.3CVSS6.5AI score0.00471EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/09 5:15 a.m.3 views

CVE-2024-1122

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...

5.3CVSS7.3AI score0.00471EPSS
Exploits0References2
Prion
Prion
added 2024/02/09 5:15 a.m.21 views

Design/Logic Flaw

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...

5CVSS7.2AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/09 4:31 a.m.35 views

CVE-2024-1122 Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportdata function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...

5.3CVSS5.4AI score0.00471EPSS
Exploits0References2
Rows per page
Query Builder