Vulnerabilities and security research for wp-event-solution
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-1122
- CVE, Research URL
- Home page URL
-
Security reports for Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin
- Date
- Feb 09, 2024
- Research Description
- The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # f4685f6f478a2942072b9c51ebe4f460c17ead60
- Date
- Dec 04, 2023
- Research Description
- Event Manager, Events Calendar, Tickets, Registrations – Eventin [wp-event-solution] < 3.3.53. WordPress Eventin Plugin <= 3.3.44 is vulnerable to Broken Access Control. No patched version is available. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Eventin Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function, which could lead to an unprivileged user executing a certain higher-privileged action. This vulnerability is not known to have been fixed yet.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2023-49756
- Date
- Dec 09, 2024
- Research Description
- Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through 3.3.52.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-37507
- Date
- Jul 21, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS. This issue affects Eventin: from n/a through 3.3.57.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-6033
- Date
- Jul 17, 2024
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-39648
- Date
- Aug 02, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS. This issue affects Eventin: from n/a through 4.0.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-7149
- Date
- Sep 27, 2024
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-56213
- Date
- Dec 31, 2024
- Research Description
- Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-26964
- Date
- Feb 25, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-1766
- Date
- Mar 20, 2025
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-1770
- Date
- Mar 20, 2025
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-39584
- Date
- Apr 16, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable