VYPR

Event Espresso 4 Decaf

by WordPress

CVEs (2)

  • CVE-2024-6883MedAug 21, 2024
    risk 0.28cvss 4.3epss 0.00

    The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including…

  • CVE-2021-4404MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to op…