Vulnerabilities > Themewinter
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-09 | CVE-2023-47805 | Unspecified vulnerability in Themewinter Wpcafe Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22. | 9.8 |
| 2024-09-27 | CVE-2024-7149 | Path Traversal vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. | 8.8 |
| 2024-08-13 | CVE-2024-43135 | Path Traversal vulnerability in Themewinter Wpcafe Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28. | 8.8 |
| 2024-07-09 | CVE-2024-37513 | Unspecified vulnerability in Themewinter Wpcafe Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27. | 8.8 |
| 2024-05-31 | CVE-2024-5427 | Unspecified vulnerability in Themewinter Wpcafe The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-09 | CVE-2024-1122 | Missing Authorization vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. | 5.3 |