27 matches found

Nuclei
added 16 hours ago | 19 views

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

CVSS 5.3 | AI score 6.3 | EPSS 0.60271
Exploits: 2 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-42723

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.8 | EPSS 0.00163
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-43077

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.9 | EPSS 0.00787
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:1 p.m. | 7 views

CVE-2022-3336

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

CVSS 4.3 | AI score 6.8 | EPSS 0.00163
Exploits: 2 | References: 1

0day.today
added 2025/01/15 12:0 a.m. | 155 views

WordPress Event Monster 1.4.3 Information Disclosure Vulnerability

CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Expor...

CVSS 5.3 | AI score 7.1 | EPSS 0.60271
Exploits: 2

OSV
added 2025/01/14 1:15 a.m. | 2 views

CVE-2024-11396

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

CVSS 5.3 | AI score 7.3 | EPSS 0.60271
Exploits: 2 | References: 2

Packet Storm
added 2025/01/14 12:0 a.m. | 173 views

WordPress Event Monster 1.4.3 Information Disclosure

WordPress Event Monster plugin versions 1.4.3 and below suffer from an information disclosure vulnerability. CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export Description The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress ...

CVSS 5.3 | AI score 6.2 | EPSS 0.60271
Exploits: 2

CVE
added 2025/01/13 11:21 p.m. | 61 views

CVE-2024-11396

CVE-2024-11396 : The WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event (versions up to 1.4.3) allows information exposure via the Visitors List Export. During export, a CSV is created in wp-content with a public filename, letting unauthenticated attackers access v...

CVSS 5.3 | AI score 5.1 | EPSS 0.60271
Exploits: 2 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/13 11:21 p.m. | 11 views

CVE-2024-11396 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filena...

CVSS 5.3 | AI score 6.8 | EPSS 0.60271
Exploits: 2 | References: 2

NVD
added 2024/04/30 9:15 a.m. | 10 views

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

CVSS 7.5 | AI score 7.8 | EPSS 0.00822
Exploits: 0 | References: 3

Vulnrichment
added 2024/04/30 8:32 a.m. | 11 views

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

CVSS 7.5 | AI score 7.1 | EPSS 0.00822
Exploits: 0 | References: 2

CVE
added 2024/04/30 8:32 a.m. | 64 views

CVE-2024-1895

CVE-2024-1895 affects the WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event. The vulnerability is a PHP Object Injection via deserialization in all versions up to and including 1.3.9, triggered by deserializing untrusted input from a shortcode of a custom meta va...

CVSS 7.5 | AI score 6.1 | EPSS 0.00822
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2024/04/30 8:32 a.m. | 19 views

CVE-2024-1895 Event Monster <= 1.3.9 - Authenticated (Contributor+) PHP Object Injection via Custom Meta

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

CVSS 7.5 | AI score 8.3 | EPSS 0.00822
Exploits: 0 | References: 3

WPVulnDB
added 2024/04/29 12:0 a.m. | 11 views

Event Monster <= 1.3.8 - Contributor+ PHP Object Injection via Custom Meta

Description The plugin is vulnerable to PHP Object Injection via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable...

CVSS 7.5 | AI score 7.8 | EPSS 0.00822
Exploits: 0 | References: 1

NVD
added 2023/12/21 3:15 p.m. | 8 views

CVE-2023-47525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through...

CVSS 5.9 | EPSS 0.00107
Exploits: 0 | References: 1

CNVD
added 2022/11/23 12:0 a.m. | 19 views

WordPress Event Monster Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3 | AI score 4.7 | EPSS 0.00163
Exploits: 2 | References: 1

OSV
added 2022/11/21 11:15 a.m. | 2 views

CVE-2022-3720

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...

CVSS 7.2 | AI score 5.8 | EPSS 0.00787
Exploits: 2 | References: 1

Cvelist
added 2022/11/21 12:0 a.m. | 11 views

CVE-2022-3336 Event Monster < 1.2.0 - Visitors Deletion via CSRF

The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack...

AI score 5 | EPSS 0.00163
Exploits: 2 | References: 1

Cvelist
added 2022/11/21 12:0 a.m. | 13 views

CVE-2022-3720 Event Monster < 1.2.1 - Admin+ SQLi

The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...

AI score 7.5 | EPSS 0.00787
Exploits: 2 | References: 1

CVE
added 2022/11/21 12:0 a.m. | 64 views

CVE-2022-3720

The Event Monster WordPress plugin (pre-1.2.0) contains an SQL injection due to unsafely used parameters in SQL statements. Impact is high for high-privilege users; exploitation could lead to sensitive DB access. Affected versions are prior to 1.2.0. Remediation: upgrade to 1.2.0+ (notably 1.2.1 ...

CVSS 7.2 | AI score 7.1 | EPSS 0.00787
Exploits: 2 | References: 1 | Affected Software: 1