Imithemes

Eventer

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-39483

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 10:34:26
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a through < 3.9.9.1.

9.8

CVE-2025-39481

  • EPSS 0.24%
  • Veröffentlicht 16.05.2025 15:45:27
  • Zuletzt bearbeitet 01.04.2026 17:23:10

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This issue affects Eventer: from n/a through < 3.11.4.

8.8

CVE-2025-39482

  • EPSS 0.1%
  • Veröffentlicht 16.05.2025 15:45:26
  • Zuletzt bearbeitet 01.04.2026 17:23:11

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventer: from n/a through < 3.11.4.

6.5

CVE-2025-0959

  • EPSS 0.1%
  • Veröffentlicht 07.03.2025 09:15:16
  • Zuletzt bearbeitet 13.03.2025 14:59:44

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of ...

6.1

CVE-2025-22635

  • EPSS 0.15%
  • Veröffentlicht 23.02.2025 23:15:10
  • Zuletzt bearbeitet 01.04.2026 16:22:24

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer eventer allows Reflected XSS.This issue affects Eventer: from n/a through < 3.9.9.

5.4

CVE-2024-11132

  • EPSS 0.13%
  • Veröffentlicht 03.02.2025 20:15:32
  • Zuletzt bearbeitet 08.04.2026 17:17:37

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ...

5.3

CVE-2024-11133

  • EPSS 0.35%
  • Veröffentlicht 03.02.2025 20:15:32
  • Zuletzt bearbeitet 08.04.2026 17:17:37

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9.5. This makes it possible for unauthenticated at...

6.5

CVE-2024-11134

  • EPSS 0.11%
  • Veröffentlicht 03.02.2025 20:15:32
  • Zuletzt bearbeitet 04.03.2025 14:53:43

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attack...

7.5

CVE-2024-11135

  • EPSS 0.14%
  • Veröffentlicht 28.01.2025 05:15:09
  • Zuletzt bearbeitet 30.01.2025 18:03:45

The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escaping on the user supplied parameter and lack of suff...

6.5

CVE-2024-10799

  • EPSS 2.34%
  • Veröffentlicht 17.01.2025 06:15:14
  • Zuletzt bearbeitet 05.06.2025 15:23:56

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and ab...