Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

252 matches found

Nuclei
Nucleiadded yesterday19 views

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

5.3CVSS6.3AI score0.60271EPSS
Exploits2References5
RedhatCVE
RedhatCVEadded 5 days ago9 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00023EPSS
Exploits0References1
NVD
NVDadded 6 days ago6 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS0.00023EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded last week6 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00023EPSS
Exploits0References5
CVE
CVEadded last week17 views

CVE-2026-8608

The CVE affects the WordPress plugin “Event Monster” (Event Monster – Event Management, Events Calendar, Tickets) up to version 2.1.0. The root cause is Insufficient Verification of Data Authenticity in the capture_payment() AJAX handler (wp_ajax_nopriv_em_capture_payment), which trusts client-su...

5.3CVSS5.6AI score0.00023EPSS
Exploits0References5
Cvelist
Cvelistadded last week33 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS0.00023EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/24 3:18 p.m.8 views

CVE-2026-24607

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

5.3CVSS5.4AI score0.00022EPSS
Exploits0References1
NVD
NVDadded 2026/01/23 3:16 p.m.2 views

CVE-2026-24607

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

5.3CVSS0.00022EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/01/23 2:29 p.m.3 views

CVE-2026-24607 WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

5.3CVSS5.4AI score0.00022EPSS
Exploits0References1
CVE
CVEadded 2026/01/23 2:29 p.m.9 views

CVE-2026-24607

CVE-2026-24607: Travel Monster WordPress theme up to 1.3.3 suffers Missing Authorization (Broken Access Control). The vulnerability affects Travel Monster (WordPress theme) and is currently unpatched according to sources, with advisories indicating to upgrade to a version later than 1.3.3. No exp...

5.3CVSS5.4AI score0.00022EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/01/23 2:29 p.m.29 views

CVE-2026-24607 WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

5.3CVSS0.00022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/01/23 2:29 p.m.1 views

CVE-2026-24607

Missing Authorization vulnerability in wptravelengine Travel Monster travel-monster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Monster: from n/a through = 1.3.3...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/01/23 12:0 a.m.4 views

WordPress plugin Travel Monster has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00022EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/01/23 12:0 a.m.3 views

PT-2026-4441

Name of the Vulnerable Software and Affected Versions Travel Monster versions through 1.3.3 Description An issue exists in Travel Monster related to incorrectly configured access control security levels, allowing for missing authorization. The vulnerability allows exploitation of these levels...

5.3CVSS5.3AI score0.00022EPSS
Exploits0References4
Patchstack
Patchstackadded 2026/01/13 1:56 p.m.4 views

WordPress Travel Monster theme <= 1.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by John P in WordPress Theme Travel Monster versions = 1.3.3...

5.3CVSS5.3AI score0.00022EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2014-5670

Malware in sbrugna...

5.4CVSS6.4AI score0.00134EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2013-4133

Malware in sbrugna...

2.1CVSS6.4AI score0.00253EPSS
Exploits1References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2015-7988

Malware in sbrugna...

5CVSS6.4AI score0.0025EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2013-4134

Malware in sbrugna...

6CVSS6.4AI score0.00764EPSS
Exploits0References8
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2006-2642

Malware in sbrugna...

4.3CVSS6.4AI score0.00335EPSS
Exploits0References4
Rows per page
Query Builder