← Back

Event Espresso

event_espresso

Vendor: Eventespresso • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Eventespresso
1Event Espresso
Jun 17, 2026
Aug 21, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some...Show more
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.Show less
1Eventespresso
1Event Espresso
Jun 17, 2026
Jul 13, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress a...Show more
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.Show less
1Eventespresso
1Event Espresso
May 13, 2026
Sep 14, 2017
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.