Lucene search
+L

254 matches found

Patchstack
Patchstack
added 2024/10/09 12:0 a.m.24 views

Drupal Monster Menus module < 9.3.2 - Unauthenticated Multiple Vulnerabilities

Unauthenticated Multiple Vulnerabilities discovered by Dan Wilga in WordPress Module Monster Menus versions 9.3.2...

7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/27 11:59 a.m.5 views

WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Travel Monster versions = 1.1.2...

4.3CVSS7AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.11 views

WordPress Travel Monster Theme <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Travel Monster Type Theme Vulnerable versions = 1.1.2 Fixed in 1.1.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37272 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9e2e19bbb7fc Credits Dhabaleshwar Das...

7AI score0.0018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/06/21 1:3 p.m.36 views

CVE-2024-5059 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through 1.4.0...

5.3CVSS0.00416EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/19 10:12 a.m.6 views

WordPress Event Monster Plugin <= 1.4.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Plugin Event Management Tickets Booking versions = 1.4.3...

7.5CVSS7AI score0.00416EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/30 11:56 a.m.8 views

WordPress Event Monster plugin <= 1.3.4 - Authenticated PHP Object Injection via Custom Meta vulnerability

Authenticated PHP Object Injection via Custom Meta vulnerability discovered by Francesco Carlucci in WordPress Plugin Event Management Tickets Booking versions = 1.3.4...

7.5CVSS7.3AI score0.0085EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/30 9:15 a.m.17 views

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

7.5CVSS7.8AI score0.0085EPSS
Exploits0References3
OSV
OSV
added 2024/04/30 9:15 a.m.9 views

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

7.5CVSS6AI score0.0085EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/30 8:32 a.m.13 views

CVE-2024-1895

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

7.5CVSS7.1AI score0.0085EPSS
Exploits0References2
CVE
CVE
added 2024/04/30 8:32 a.m.75 views

CVE-2024-1895

CVE-2024-1895 affects the WordPress plugin Event Monster – Event Management, Tickets Booking, Upcoming Event . The vulnerability is a PHP Object Injection via deserialization in all versions up to and including 1.3.9, triggered by deserializing untrusted input from a shortcode of a custom meta va...

7.5CVSS6.1AI score0.0085EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/04/30 8:32 a.m.28 views

CVE-2024-1895 Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...

7.5CVSS8.3AI score0.0085EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.4 views

WordPress plugin Event Monster 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

7.5CVSS7.2AI score0.0085EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.11 views

Event Monster <= 1.3.8 - Contributor+ PHP Object Injection via Custom Meta

Description The plugin is vulnerable to PHP Object Injection via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable...

7.5CVSS7.8AI score0.0085EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.44 views

PT-2024-14484 · Monster Insights · Google Analytics

Name of the Vulnerable Software and Affected Versions: Google Analytics by Monster Insights versions 8.21.0 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects the MonsterInsights Google Analytics plugin by Monster Insights...

4.3CVSS7AI score0.00433EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2024/03/27 9:19 a.m.9 views

monster-bite.com Cross Site Scripting vulnerability OBB-3888346

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/25 11:5 p.m.5 views

monster-bite.com Cross Site Scripting vulnerability OBB-3885779

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/19 2:21 a.m.4 views

monster-bite.com Cross Site Scripting vulnerability OBB-3878292

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
OSV
OSV
added 2024/02/09 8:15 a.m.3 views

CVE-2023-50026

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" hsmultiaccessoriespro module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts...

9.8CVSS5.9AI score0.00611EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/09 12:0 a.m.5 views

CVE-2023-50026

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" hsmultiaccessoriespro module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts...

9.8AI score0.00611EPSS
Exploits0References1
CVE
CVE
added 2024/02/09 12:0 a.m.54 views

CVE-2023-50026

CVE-2023-50026 is a SQL injection vulnerability affecting the PrestaMonster/PrestaShop integration in the hsmultiaccessoriespro module. The issue is triggered through HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts() and impacts PrestaShop versions 5.1.1 and earlier. According to th...

9.8CVSS9.6AI score0.00611EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder