CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49703 – WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49703
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Event Manager for WooCommerce allows Stored XSS.This issue affects Event Manager for WooCommerce: from n/a through 4.2.5. The Event Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribu... • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43138 – WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-43138
07 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event Manager for WooCommerce: from n/a through 4.2.1. The Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the 'mep_event_template' parameter. This makes it possible for au... • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-4-2-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24796 – WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-24796
31 Jan 2024 — Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1. Vulnerabilidad de deserialización de datos no confiables en MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. Este problema afecta a Event Manager and Tickets Selling Plu... • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •