Lucene search

Event Manager And Tickets Selling For Woocommerce Security Vulnerabilities

cve

CVE-2022-0478

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection at...

8.8CVSS

9AI Score

0.001EPSS

2022-03-14 03:15 PM

cve

CVE-2023-0144

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4CVSS

5.3AI Score

0.001EPSS

2023-02-06 08:15 PM

cve

CVE-2023-28422

Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.

5.9CVSS

5.1AI Score

0.001EPSS

2023-03-23 12:15 PM

cve

CVE-2023-36383

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions.

5.9CVSS

5.2AI Score

0.001EPSS

2023-07-18 03:15 PM

cve

CVE-2024-43138

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1.

8.8CVSS

6.5AI Score

0.0005EPSS

2024-08-13 12:15 PM