cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-6883,https://securityvulnerability.io/vulnerability/CVE-2024-6883,Authenticated Attackers Can Modify Event Registration Plugin Settings Due to Capability Check Failure,"The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to, and including, 5.0.22.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings.",Wordpress,Event Espresso – Event Registration & Ticketing Sales,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-21T05:30:21.157Z,0
CVE-2021-4404,https://securityvulnerability.io/vulnerability/CVE-2021-4404,Cross-Site Request Forgery Vulnerability in Event Espresso 4 Decaf Plugin for WordPress,"The Event Espresso 4 Decaf plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the ajaxHandler() function. This vulnerability enables unauthenticated attackers to exploit the system by tricking site administrators into performing actions via a maliciously crafted request, potentially leading to unauthorized access to notifications or sensitive functionalities. It is crucial for users of version 4.10.11 and earlier to apply the appropriate updates to mitigate these risks.",Wordpress,Event Espresso 4 Decaf – Event Registration Event Ticketing,4.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,false,false,2023-07-01T05:33:29.497Z,0