Lucene search
K

102 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-13039

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-13039 Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via REST API

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43025

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-13039

The Eventin plugin for WordPress (versions 4.0.26–4.1.15) has an authorization bypass in payment_complete() via REST API due to insufficient verification of user authorization. Unauthenticated attackers can mark unpaid ticket orders as completed by submitting a fabricated SureCart checkout ID or ...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00206EPSS
Exploits0References8
CVE
CVE
added 5 days ago7 views

CVE-2026-12924

Eventin WordPress plugin (WP Event Solution) ≤ 4.1.15 is vulnerable to Stored Cross‑Site Scripting via the etn_faq_content parameter due to insufficient input sanitization and output escaping. Exploitation requires contributor‑level authentication or higher, enabling injection of scripts that exe...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42843

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-12924 Eventin <= 4.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'etn_faq_content' Parameter

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00206EPSS
Exploits0References8
Patchstack
Patchstack
added 6 days ago4 views

WordPress Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) plugin 4.0.25-4.1.15 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass vulnerability

Event Calendar, Event Registration, Tickets & Booking AI Powered plugin 4.0.25-4.1.15 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass vulnerability discovered by Niv Kochan in WordPress Plugin WP Event SOlution versions 4.0.25-4.1.15...

5.3CVSS6.1AI score0.00257EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/15 8:18 p.m.25 views

CVE-2026-40776

CVE-2026-40776 affects the WP Event Solution (Eventin) plugin up to version 4.1.8, where unauthenticated requests can trigger Broken Access Control. The root cause involves three permission checks that accept a wp_rest nonce as authentication, plus an IDOR-prone Order endpoint and an open seat-bo...

7.5CVSS5.1AI score0.00414EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/06 8:51 p.m.103 views

Exploit for CVE-2026-40776

CVE-2026-40776 Eventin wp-event-solution Broken Access C...

5.8AI score0.00414EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/03 9:47 p.m.113 views

Exploit for CVE-2026-40776

CVE-2026-40776 — Eventin wp-event-solution Broken Access Con...

5.8AI score0.00414EPSS
Exploits2
Patchstack
Patchstack
added 2026/04/29 4:45 a.m.8 views

WordPress Eventin plugin <= 4.1.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Lorenzo Fradeani in WordPress Plugin WP Event SOlution versions = 4.1.8...

5.8AI score0.00414EPSS
Exploits2Affected Software1
NVD
NVD
added 2026/04/14 9:16 a.m.5 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS0.00179EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 7:43 a.m.3 views

EUVD-2026-22231

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 7:43 a.m.17 views

CVE-2026-4109

The CVE concerns the WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) for WordPress. Affected: all versions up to and including 4.1.8. Vulnerability: improper capability check in get_item_permissions_check() allows authenticated attackers with Subscrib...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/14 7:43 a.m.2 views

CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 7:43 a.m.1 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder