CVE-2025-68007 WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf...
CVE-2025-68007
CVE-2025-68007 corresponds to a Missing Authorization/Settings Change vulnerability in WordPress Event Espresso 4 Decaf (affected
WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Event Espresso 4 Decaf versions <= 5.0.37.decaf...
CVE-2021-4404
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to opt into notifications vi...
WordPress plugin Event Espresso 4 Decaf Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Event Espresso 4 Decaf Version...
WordPress Event Espresso 4 Decaf plugin < 5.0.22.decaf - Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification vulnerability
Authenticated Subscriber+ Missing Authorization to Limited Plugin Settings Modification vulnerability discovered by Lucio Sá in WordPress Plugin Event Espresso 4 Decaf versions < 5.0.22.decaf...
WordPress Event Espresso 4 Decaf Plugin < 5.0.22.decaf is vulnerable to Broken Access Control
Software: Event Espresso 4 Decaf; Type: Plugin; Vulnerable versions: < 5.0.22.decaf; Fixed in: 5.0.22.decaf; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-6883; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: a6f359f7f67f; Credits: Lucio Sá...