cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1895,https://securityvulnerability.io/vulnerability/CVE-2024-1895,Event Monster Plugin Vulnerable to PHP Object Injection,"The Event Monster plugin for WordPress, specifically versions up to and including 1.3.4, is susceptible to a PHP Object Injection vulnerability due to deserialization of untrusted input from custom meta values. This vulnerability allows authenticated users with contributor access or higher to potentially inject PHP Objects. While the vulnerable plugin does not present a direct PHP Object Protocol (POP) chain, if an attacker finds an existing POP chain via another plugin or theme, the implications can be severe, enabling file deletion, sensitive data retrieval, or arbitrary code execution. Administrators should take precautionary measures to mitigate this risk by updating to the latest version and monitoring plugin usage.",Wordpress,"Event Monster – Event Management, Tickets Booking, Upcoming Event",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-30T08:32:22.449Z,0
CVE-2022-3336,https://securityvulnerability.io/vulnerability/CVE-2022-3336,Event Monster < 1.2.0 - Visitors Deletion via CSRF,"The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack",Wordpress,Event Monster,4.3,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0
CVE-2022-3720,https://securityvulnerability.io/vulnerability/CVE-2022-3720,Event Monster < 1.2.1 - Admin+ SQLi,"The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users",Wordpress,Event Monster,7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-11-21T00:00:00.000Z,0