Vulnerabilities and security researches foreasy-paypal-events-tickets easy-paypal-events-tickets

Jun 07, 2024

CVE, Research URL: cc5c994c8fa9b2416f0e97a9f763aaab5c71441e
Home page URL: Security reports for Easy PayPal Events
Application: Easy PayPal Events
Date: Oct 11, 2021
Research Description: Easy PayPal Events & Tickets [easy-paypal-events-tickets] < 1.1.2 WordPress Easy PayPal Events plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Easy PayPal Events plugin (versions <= 1.1.1).
Affected versions: Min -, max -.
Status: vulnerable

Sep 26, 2024

CVE, Research URL: CVE-2024-8476
Home page URL: Security reports for Easy PayPal Events
Application: Easy PayPal Events
Date: Sep 25, 2024
Research Description: The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeevent_plugin_buttons() function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47519
Home page URL: Security reports for Easy PayPal Events
Application: Easy PayPal Events
Date: May 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal Events allows Cross Site Request Forgery. This issue affects Easy PayPal Events: from n/a through 1.2.2.
Affected versions: Min -, max -.
Status: vulnerable