Eventespresso
eventespresso
5 CVEs • 3 products
Products (3)
Click to collapseToggle
Products (3)
Click to collapse
CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some...Show more |
1Eventespresso 1Event Espresso 4 Decaf Jun 17, 2026 Jul 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. T...Show more |
1Eventespresso 1Event Espresso Jun 17, 2026 Jul 13, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress a...Show more |
1Eventespresso 1Event Espresso Lite May 13, 2026 Sep 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. |
1Eventespresso 1Event Espresso May 13, 2026 Sep 14, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. |