Lukashuser Ekc Tournament Manager vulnerabilities
4 known vulnerabilities affecting lukashuser/ekc_tournament_manager.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3UNKNOWN1
Vulnerabilities
Page 1 of 1
CVE-2024-9765MEDIUMCVSS 6.5PoCfixed in 2.2.22025-05-15
CVE-2024-9765 [MEDIUM] CWE-552 CVE-2024-9765: The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system
The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory
nvd
CVE-2024-9709MEDIUMCVSS 5.4fixed in 2.2.22025-05-15
CVE-2024-9709 [MEDIUM] CWE-352 CVE-2024-9709: The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when upda
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
nvd
CVE-2024-9711MEDIUMCVSS 5.4fixed in 2.2.22025-05-15
CVE-2024-9711 [MEDIUM] CWE-352 CVE-2024-9711: The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when upda
The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
nvd
CVE-2024-49674UNKNOWN≤ 2.2.12024-10-31
CVE-2024-49674 CWE-352 CVE-2024-49674: Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-
Cross-Site Request Forgery (CSRF) vulnerability in lukashuser EKC Tournament Manager ekc-tournament-manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through <= 2.2.1.
cvelistv5nvd