CVE-2024-56251 WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through = 5.0.28.decaf...

PT-2023-12516 · WordPress · Event Espresso 4 Decaf

Name of the Vulnerable Software and Affected Versions: Event Espresso 4 Decaf plugin for WordPress versions up to, and including, 4.10.11 Description: The issue is due to missing or incorrect nonce validation on the ajaxHandler function, making it possible for unauthenticated attackers to opt int...

The vulnerability in the implementation of the `wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php` file, which is part of the Event Espresso plugin’s core for WordPress website content management, allows a hacker to execute arbitrary code.

The vulnerability in the implementation of the wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php file, which is part of the Event Espresso plugin for WordPress website content management systems, relates to the lack of security measures for...