Lucene search
K

104 matches found

CNNVD
CNNVD
added 2025/08/28 12:0 a.m.3 views

WordPress plugin WpEvently 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

8.8CVSS6.8AI score0.00339EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/27 4:15 p.m.4 views

WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WpEvently versions = 4.4.8...

8.8CVSS7AI score0.00339EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/16 11:25 a.m.6 views

CVE-2025-54705

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 11:15 a.m.14 views

CVE-2025-54705

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...

4.3CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 10:34 a.m.11 views

CVE-2025-54705 WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...

4.3CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.3 views

CVE-2025-54705 WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.21 views

CVE-2025-54705

CVE-2025-54705 is a Missing Authorization vulnerability in the WordPress plugin WpEvently (MagePeopleTeam) affecting versions up to 4.4.6. The issue stems from incorrectly configured access control, enabling a Broken Access Control scenario as described in multiple sources. The CVSS 3.1 base scor...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.5 views

PT-2025-33257 · WordPress · Wpevently

Name of the Vulnerable Software and Affected Versions: WpEvently versions through 4.4.6 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update WpEvently to a version later than 4.4.6...

4.3CVSS6.4AI score0.00231EPSS
Exploits0References5
NVD
NVD
added 2025/06/07 12:15 p.m.9 views

CVE-2025-5568

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00216EPSS
Exploits0References4
OSV
OSV
added 2025/06/07 11:17 a.m.4 views

CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS6.1AI score0.00216EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/06/07 11:17 a.m.3 views

CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5.8AI score0.00216EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/07 11:17 a.m.17 views

CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00216EPSS
Exploits0References4
CVE
CVE
added 2025/06/07 11:17 a.m.83 views

CVE-2025-5568

CVE-2025-5568 concerns the WordPress plugin WpEvently (versions

6.4CVSS5.7AI score0.00216EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/06/07 12:0 a.m.4 views

WordPress plugin WpEvently 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/07 12:0 a.m.6 views

PT-2025-24340 · WordPress · Wpevently

Name of the Vulnerable Software and Affected Versions: WpEvently plugin for WordPress versions prior to 4.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with Contributor-level access...

6.4CVSS5.8AI score0.00216EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/04/12 8:43 a.m.17 views

CVE-2025-32145

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...

8.8CVSS7.2AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2025/04/10 8:15 a.m.13 views

CVE-2025-32145

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...

8.8CVSS0.00419EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/10 8:9 a.m.11 views

CVE-2025-32145 WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5...

8.8CVSS6.9AI score0.00419EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/10 8:9 a.m.20 views

CVE-2025-32145 WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...

8.8CVSS0.00419EPSS
Exploits0References1
CVE
CVE
added 2025/04/10 8:9 a.m.55 views

CVE-2025-32145

CVE-2025-32145 is a deserialization (PHP Object Injection) vulnerability in the WordPress plugin WpEvently (mage-eventpress). Affected versions: up to 4.3.5 (the Wordfence entry notes a fix in 4.3.6). Root cause: deserialization of untrusted data leading to object injection. Impact (per the CVSS ...

8.8CVSS7.2AI score0.00419EPSS
Exploits0References1
Rows per page
Query Builder