63 matches found
CVE-2024-11134 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventerexportbookingscsv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...
CVE-2024-11134
CVE-2024-11134 affects the WordPress Eventer plugin (Eventer - WordPress Event & Booking Manager Plugin). The issue is a missing authorization check on the eventer_export_bookings_csv function, allowing authenticated users with subscriber-level permissions or higher to download bookings that cont...
CVE-2024-11134 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventerexportbookingscsv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...
CVE-2024-11132 Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level...
CVE-2024-11132 Eventer <= 3.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level...
CVE-2024-11132
CVE-2024-11132 - Eventer (WordPress Plugin) The WordPress Eventer plugin (up to 3.9.9) is vulnerable to Stored Cross‑Site Scripting via shortcode attributes due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enabl...
CVE-2024-11133
CVE-2024-11133 affects the WordPress Eventer plugin (Eventer - WordPress Event & Booking Manager Plugin). A missing capability check in handle_pdf_download_request allows unauthenticated users to download event tickets across versions up to 3.9.9. Several connected sources confirm the vulnerabili...
CVE-2024-11133 Eventer <= 3.9.9.5 - Missing Authorization to Unauthenticated Event Ticket Download
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handlepdfdownloadrequest' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated attackers to download event tickets...
PT-2025-1623 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions prior to 3.9.10 Description: The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with...
WordPress plugin Eventer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Eventer plugin <= 3.9.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.8...
CVE-2024-11135
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
CVE-2024-11135
CVE-2024-11135 — Eventer (WordPress) SQL Injection : The WordPress Eventer plugin (up to version 3.9.8) is vulnerable to unauthenticated SQL injection via the event parameter in the eventer_get_attendees function. The issue stems from insufficient escaping and lack of prepared statements in the S...
CVE-2024-11135 Eventer <= 3.9.8 - Unauthenticated SQL Injection via eventer_get_attendees
The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventergetattendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...
PT-2025-1624 · WordPress · Eventer
Name of the Vulnerable Software and Affected Versions: Eventer plugin for WordPress versions up to, and including, 3.9.8 Description: The issue concerns a SQL injection vulnerability via the event parameter in the eventer get attendees function. This vulnerability is due to insufficient escaping ...
WordPress plugin Eventer SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
CVE-2024-10799
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-10799
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventerwoodownloadtickets function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-10799
CVE-2024-10799: Eventer (WordPress Event & Booking Manager Plugin)