NotCVE - vendor:"Mage-people" product:"Event Manager And Tickets Selling For Woocommerce"

5 results (0.009 seconds)

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-36383 – WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-36383

18 Jul 2023 — Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions. Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions. • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-28422 – WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-28422

20 Mar 2023 — Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions. The Event Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mep_get_option' function in versions up to, and including, 3.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web ... • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-for-woocommerce-plugin-3-8-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-47164 – WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF)

https://notcve.org/view.php?id=CVE-2022-47164

16 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. The Event Manager for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.7. This is due to missing or incorrect nonce validation on the 'uninstall_reason_submission' function. This makes it possible for unauthenticated attackers to submit plugin uninstall reasons via a forged request granted they ... • https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-7-7-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-0144 – Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

https://notcve.org/view.php?id=CVE-2023-0144

10 Jan 2023 — The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Event Manager and Tickets Selling Plugin for WooCommerce is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.9 due to insufficient input sanitization and o... • https://wpscan.com/vulnerability/d7b3917a-d11f-4216-9d2c-30771d83a7b4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-0478 – Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection

https://notcve.org/view.php?id=CVE-2022-0478

21 Feb 2022 — The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks El plugin Event Manager and Tickets Selling for WooCommerce de WordPress versiones anteriores a 3.5.8, no comprueba ni escapa el parámetro post_author_gutenberg antes de usarlo en una sentencia SQL cuando so... • https://plugins.trac.wordpress.org/changeset/2671860 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •