VYPR
Vendor

Eventespresso

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2017-14760CriSep 27, 2017
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.

  • CVE-2017-1002026HigSep 14, 2017
    risk 0.57cvss 8.8epss 0.02

    Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.

  • CVE-2025-68007MedJan 22, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.37.decaf.

  • CVE-2024-56251MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf event-espresso-decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through <= 5.0.28.decaf.

  • CVE-2024-6883MedAug 21, 2024
    risk 0.28cvss 4.3epss 0.00

    The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including…

  • CVE-2023-27437LowJun 3, 2024
    risk 0.24cvss 3.7epss 0.00

    Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.

  • CVE-2021-4404MedJul 1, 2023
    risk 0.21cvss 4.3epss 0.00

    The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to op…