Lucene search
K

9 matches found

CVE
CVE
added 2025/01/02 12:1 p.m.43 views

CVE-2024-56251

CVE-2024-56251 describes a Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso – Event Registration & Ticketing Sales (Decaf). Affected plugin: Event Espresso – Event Registration & Ticketing Sales; vulnerable range: Event Espresso 4 Decaf from n/a through 5.0.28.decaf. The connecte...

4.3CVSS7.2AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2024/08/21 6:15 a.m.29 views

CVE-2024-6883

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...

4.3CVSS0.00282EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/21 5:30 a.m.16 views

CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...

4.3CVSS5.8AI score0.00282EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/21 5:30 a.m.20 views

CVE-2024-6883 Event Espresso 4 Decaf – Event Registration Event Ticketing <= 4.10.46.decaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification

The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This make...

4.3CVSS0.00282EPSS
Exploits0References2
NVD
NVD
added 2024/06/03 10:15 p.m.15 views

CVE-2023-27437

Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf...

3.7CVSS4.2AI score0.00313EPSS
Exploits0References1
Prion
Prion
added 2023/07/01 6:15 a.m.13 views

Cross site request forgery (csrf)

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...

4.3CVSS4.3AI score0.0039EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2023/07/01 5:33 a.m.36 views

CVE-2021-4404

CVE-2021-4404 concerns the WordPress plugin Event Espresso 4 Decaf. A CSRF vulnerability exists in versions up to 4.10.11 due to missing/incorrect nonce validation in the ajaxHandler() function. This enables unauthenticated attackers to trigger actions by tricking an administrator into performing...

4.3CVSS4.2AI score0.0039EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2023/07/01 5:33 a.m.16 views

CVE-2021-4404 Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler function. This makes it possible for unauthenticated attackers to op into notifications vi...

4.3CVSS4.6AI score0.0039EPSS
Exploits0References9
Patchstack
Patchstack
added 2023/03/05 12:0 a.m.10 views

WordPress Event Espresso 4 Decaf Plugin <= 4.10.44.decaf is vulnerable to Bypass Vulnerability

Software Event Espresso 4 Decaf Type Plugin Vulnerable versions = 4.10.44.decaf Fixed in 4.10.45.decaf OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-27437 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID c6c996aac547 Credits...

3.7CVSS6.6AI score0.00313EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder