Lucene search
K

5 matches found

CVE
CVE
added 2026/04/14 7:43 a.m.15 views

CVE-2026-4109

The CVE concerns the WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) for WordPress. Affected: all versions up to and including 4.1.8. Vulnerability: improper capability check in get_item_permissions_check() allows authenticated attackers with Subscrib...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 3:41 a.m.6 views

WordPress Eventin - Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Events Calendar, Event Booking, Ticket & Registration AI Powered plugin = 4.1.8 Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP Event SOlution versions = 4.1.8...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:38 a.m.4 views

CVE-2026-0656

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

8.2CVSS6.1AI score0.00306EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/22 11:8 a.m.11 views

CVE-2025-13526 OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure

The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'waorderthankyouoverride' function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view...

7.5CVSS0.00315EPSS
Exploits0References3
OSV
OSV
added 2017/09/22 7:29 a.m.3 views

CVE-2017-14653

member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter...

6.5CVSS5.9AI score0.01051EPSS
Exploits1References1
Rows per page
Query Builder