• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

Mage-people

CVE-2022-0478

February 23, 2023 by

The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks

CVE-2023-0144

February 22, 2023 by godfreyd94

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE