Vulnerabilities > Themewinter

DATE CVE VULNERABILITY TITLE RISK
2024-12-09 CVE-2023-47805 Unspecified vulnerability in Themewinter Wpcafe
Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22.
network
low complexity
themewinter
critical
9.8
2024-09-27 CVE-2024-7149 Path Traversal vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters.
network
low complexity
themewinter CWE-22
8.8
2024-08-13 CVE-2024-43135 Path Traversal vulnerability in Themewinter Wpcafe
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
network
low complexity
themewinter CWE-22
8.8
2024-07-09 CVE-2024-37513 Unspecified vulnerability in Themewinter Wpcafe
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
network
low complexity
themewinter
8.8
2024-05-31 CVE-2024-5427 Unspecified vulnerability in Themewinter Wpcafe
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
themewinter
5.4
2024-02-09 CVE-2024-1122 Missing Authorization vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50.
network
low complexity
themewinter CWE-862
5.3