cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-24796,https://securityvulnerability.io/vulnerability/CVE-2024-24796,Deserialization of Untrusted Data Vulnerability Affects MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce - WpEvently - WordPress Plugin,"The MagePeople Event Manager and Tickets Selling Plugin for WooCommerce is susceptible to a deserialization of untrusted data vulnerability. This flaw allows attackers to potentially execute arbitrary PHP code, leading to severe security implications. Specifically, it affects versions from the initial release through 4.1.1, threatening the integrity and confidentiality of the WordPress sites that utilize this plugin. Site administrators are urged to review the plugin's configurations and verify they are not running an affected version to safeguard against potential exploitation.",Wordpress,Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin,8.8,HIGH,0.0005799999926239252,false,,false,false,false,,false,false,2024-02-12T07:47:08.095Z,0
CVE-2023-0144,https://securityvulnerability.io/vulnerability/CVE-2023-0144,Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS,"The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,Event Manager and Tickets Selling Plugin for WooCommerce,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2022-0478,https://securityvulnerability.io/vulnerability/CVE-2022-0478,Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection,"The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks",Wordpress,Event Manager And Tickets Selling Plugin For WooCommerce,8.8,HIGH,0.0010100000072270632,false,,false,false,false,,false,false,2022-03-14T14:41:34.000Z,0