104 matches found
WordPress plugin WpEvently 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WpEvently versions = 4.4.8...
CVE-2025-54705
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...
CVE-2025-54705
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...
CVE-2025-54705 WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...
CVE-2025-54705 WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 4.4.6...
CVE-2025-54705
CVE-2025-54705 is a Missing Authorization vulnerability in the WordPress plugin WpEvently (MagePeopleTeam) affecting versions up to 4.4.6. The issue stems from incorrectly configured access control, enabling a Broken Access Control scenario as described in multiple sources. The CVSS 3.1 base scor...
PT-2025-33257 · WordPress · Wpevently
Name of the Vulnerable Software and Affected Versions: WpEvently versions through 4.4.6 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels. Recommendations: Update WpEvently to a version later than 4.4.6...
CVE-2025-5568
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5568
CVE-2025-5568 concerns the WordPress plugin WpEvently (versions
WordPress plugin WpEvently 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-24340 · WordPress · Wpevently
Name of the Vulnerable Software and Affected Versions: WpEvently plugin for WordPress versions prior to 4.4.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing authenticated attackers with Contributor-level access...
CVE-2025-32145
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...
CVE-2025-32145
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...
CVE-2025-32145 WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5...
CVE-2025-32145 WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...
CVE-2025-32145
CVE-2025-32145 is a deserialization (PHP Object Injection) vulnerability in the WordPress plugin WpEvently (mage-eventpress). Affected versions: up to 4.3.5 (the Wordfence entry notes a fix in 4.3.6). Root cause: deserialization of untrusted data leading to object injection. Impact (per the CVSS ...