cleantalk
Vulnerabilities and Security Researches

Event Espresso 4 Decaf – Event Registration Event Ticketing, CVE-2021-4404

CVE, Research URL

CVE-2021-4404

Home page URL

Security reports for Event Espresso 4 Decaf – Event Registration Event Ticketing

Application

Event Espresso 4 Decaf – Event Registration Event Ticketing

Published on
Jul 01, 2023
Research Description
The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to op into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 4.10.12.
Status
vulnerable
Previous vulnerability researches
Event Espresso 4 Decaf – Event Registration Event Ticketing (CVE-2024-6883) , Aug 22, 2024
Event Espresso 4 Decaf – Event Registration Event Ticketing (CVE-2024-56251) , Jan 03, 2025
Event Espresso 4 Decaf – Event Registration Event Ticketing (CVE-2025-68007) , Jan 28, 2026
Event Espresso 4 Decaf – Event Registration Event Ticketing (CVE-2021-4404) , Jun 07, 2024
Event Espresso 4 Decaf – Event Registration Event Ticketing (0d179fff144e451edfdd3cb96273a090f56f2585) , Jun 07, 2024
New vulnerability
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps (CVE-2025-68881) , Jan 28, 2026
Simple Calendar – Google Calendar Plugin (CVE-2025-68979) , Jan 28, 2026
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2025-14901) , Jan 28, 2026
IMGspider – 图片采集抓取插件 (CVE-2026-22482) , Jan 28, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2025-15380) , Jan 28, 2026