9 matches found
CVE-2024-56251
CVE-2024-56251 describes a Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso – Event Registration & Ticketing Sales (Decaf). Affected plugin: Event Espresso – Event Registration & Ticketing Sales; vulnerable range: Event Espresso 4 Decaf from n/a through 5.0.28.decaf. The connecte...
CVE-2024-6883
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...
CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...
CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...
CVE-2023-27437
Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf...
Cross site request forgery (csrf)
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...
CVE-2021-4404
CVE-2021-4404 concerns the WordPress plugin Event Espresso 4 Decaf. A CSRF vulnerability exists in versions up to 4.10.11 due to missing/incorrect nonce validation in the ajaxHandler() function. This enables unauthenticated attackers to trigger actions by tricking an administrator into performing...
CVE-2021-4404 Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...
WordPress Event Espresso 4 Decaf Plugin <= 4.10.44.decaf is vulnerable to Bypass Vulnerability
Software Event Espresso 4 Decaf Type Plugin Vulnerable versions = 4.10.44.decaf Fixed in 4.10.45.decaf OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-27437 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c6c996aac547 Credits...