77 matches found
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...
CVE-2025-68007
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf...
CVE-2025-68007 WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf...
CVE-2025-68007
CVE-2025-68007 corresponds to a Missing Authorization/Settings Change vulnerability in WordPress Event Espresso 4 Decaf (affected
WordPress plugin Event Espresso 4 Decaf has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4051
Name of the Vulnerable Software and Affected Versions: Event Espresso versions through 5.0.37.decaf. Description: An authorization issue exists in Event Espresso 4 Decaf, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update Event Espresso 4 Decaf to ...
WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability
Settings Change vulnerability discovered by Legion Hunter in WordPress Plugin Event Espresso 4 Decaf versions <= 5.0.37.decaf...
EUVD-2017-6255
Malware in sbrugna...
EUVD-2023-31213
Malicious code in bioql PyPI...
EUVD-2024-53049
Malicious code in bioql PyPI...
EUVD-2024-47873
Malicious code in bioql PyPI...
EUVD-2025-11652
Malicious code in bioql PyPI...
EUVD-2021-34231
Malicious code in bioql PyPI...
CVE-2024-6883
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...
CVE-2024-56251
Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Cross Site Request Forgery. This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.28.decaf...
CVE-2023-27437
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse. This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf...
CVE-2021-4404
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to opt into notifications vi...