17 matches found
EUVD-2024-22172
Malicious code in bioql PyPI...
CVE-2024-49703 WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress.This issue affects WpEvently: from n/a through = 4.2.5...
CVE-2024-49703
CVE-2024-49703 affects the WordPress plugin Event Manager for WooCommerce (MagePeople) up to version 4.2.5. It is a Stored XSS caused by improper input neutralization during web page generation. Impact: stored cross‑site scripting vulnerability (Medium severity; CVSS 3.1 base score 6.5). Remediat...
CVE-2024-49703 WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magepeopleteam WpEvently mage-eventpress.This issue affects WpEvently: from n/a through = 4.2.5...
CVE-2024-43138 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1...
CVE-2024-24796
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1...
CVE-2024-24796
CVE-2024-24796 describes a PHP Object Injection (Deserialization of Untrusted Data) vulnerability in the WordPress plugin “MageEventpress” (Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently), affected versions n/a through 4.1.1. Public sources confirm the issue stems from untru...
CVE-2023-36383
Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin = 3.9.5 versions...
CVE-2023-36383 WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)
Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin = 3.9.5 versions...
CVE-2023-36383
Summary: CVE-2023-36383 concerns a Stored Cross-Site Scripting (XSS) in the MagePeople MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce, version <= 3.9.5, exploitable by authenticated users with editor privileges. Affected components: WordPress plugin “Event Manager for...
PT-2023-25564 · Magepeople · Magepeople Team Event Manager/Tickets Selling Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin versions = 3.9.5 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated users with editor or higher...
CVE-2022-47164
Cross-Site Request Forgery CSRF vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin = 3.7.7 versions...
CVE-2022-47164
CVE-2022-47164: MagePeople/MageEventpress WordPress plugin for WooCommerce (Event Manager and Tickets Selling) versions
PT-2023-15207 · WordPress · Magepeople Team Event Manager/Tickets Selling Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin versions = 3.7.7 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a us...
CVE-2023-28422
Auth. admin+ Stored Cross-site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce = 3.8.6. versions...
CVE-2023-28422
CVE-2023-28422 affects MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce (WordPress). Describes an authenticated (admin+) stored XSS in versions up to 3.8.6. CVSS/metrics vary: NVD lists a medium impact (C, I) with no availability impact; PatchStack notes a fix in 3.8.7 and...
PT-2023-21709 · Magepeople · Magepeople Team Event Manager/Tickets Selling Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce versions 3.8.6 and earlier Description: The issue is related to a Stored Cross-site Scripting XSS vulnerability that requires authentication with admin+ privileges. This...