Vulnerabilities > Eventespresso

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-01	CVE-2021-4404	Unspecified vulnerability in Eventespresso Event Espresso 4 Decaf 4.10.11 The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. network low complexity eventespresso	4.3
2021-07-13	CVE-2020-26153	Cross-site Scripting vulnerability in Eventespresso Event Espresso A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. network eventespresso CWE-79	4.3
2017-09-27	CVE-2017-14760	SQL Injection vulnerability in Eventespresso Event Espresso Lite SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. network low complexity eventespresso CWE-89	7.5
2017-09-14	CVE-2017-1002026	SQL Injection vulnerability in Eventespresso Event Espresso 3.1.37.11.L Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. network low complexity eventespresso CWE-89	6.5

Vulnerabilities > Eventespresso {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Eventespresso"}]}