Vulnerabilities > Themewinter

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-7149 Path Traversal vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters.
network
low complexity
themewinter CWE-22
8.8
8.8
2024-08-13 CVE-2024-43135 Path Traversal vulnerability in Themewinter Wpcafe
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through 2.2.28.
network
low complexity
themewinter CWE-22
8.8
8.8
2024-07-17 CVE-2024-6033 Missing Authorization vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4.
network
low complexity
themewinter CWE-862
4.3
4.3
2024-07-09 CVE-2024-37513 Path Traversal vulnerability in Themewinter Wpcafe
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.
network
low complexity
themewinter CWE-22
8.8
8.8
2024-02-09 CVE-2024-1122 Missing Authorization vulnerability in Themewinter Eventin
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50.
network
low complexity
themewinter CWE-862
5.3
5.3