VYPR

The Event Monster

by WordPress

CVEs (2)

  • CVE-2024-1895HigApr 30, 2024
    risk 0.42cvss 7.5epss 0.01

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible…

  • CVE-2024-11396MedJan 14, 2025
    risk 0.35cvss 5.3epss 0.02

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder…