Eventespresso Event Espresso vulnerabilities
3 known vulnerabilities affecting eventespresso/event_espresso.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-26153P3MEDIUMCVSS 6.1PoCfixed in 4.10.7.p2021-07-13
CVE-2020-26153 [MEDIUM] CWE-79 CVE-2020-26153: A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages
A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
nvd
CVE-2017-1002026P3HIGHCVSS 8.8v3.1.37.11.l2017-09-14
CVE-2017-1002026 [HIGH] CWE-89 CVE-2017-1002026: Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
nvd
CVE-2024-6883P4MEDIUMCVSS 4.3fixed in 5.0.222024-08-21
CVE-2024-6883 [MEDIUM] CWE-862 CVE-2024-6883: The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable t
The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This makes it possible for authenticated attackers, with Subscrib
nvd