Skip to main content

Event Manager And Tickets Selling For Woocommerce

7 CVEs product

Monthly

CVE-2025-5568 MEDIUM PATCH This Month

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Event Manager And Tickets Selling For Woocommerce PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-43138 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-24796 HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-36383 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28422 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0144 MEDIUM POC This Month

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0478 HIGH POC PATCH This Week

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS Event Manager And Tickets Selling For Woocommerce +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP WordPress +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin.1.1. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Event Manager And Tickets Selling For Woocommerce
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD WPScan
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Event Manager And Tickets Selling For Woocommerce
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy