cpe:2.3:a:awplife:event_monster:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Awplife (1de09ac5-fc6f-5a67-a308-19d788c6e8ed)
Product: Event Monster (42f9d70d-d5a7-557e-9dad-8e647f66e3e7)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-5059 vulnerable 2026-06-08 06:56:14.749976 WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability
MEDIUM (5.3)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking. This issue affects Event Management Tickets Booking: from n/a through 1.4.0.
Published: 2024-06-21T13:03:31.137Z
Updated: 2026-04-28T16:10:32.143Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-1895 vulnerable 2026-06-08 06:27:14.872420 Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta
HIGH (7.5)
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-04-30T08:32:22.449Z
Updated: 2026-04-08T16:48:48.253Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11396 vulnerable 2026-06-08 06:23:49.567394 Event monster <= 1.4.3 - Information Exposure Via Visitors List Export
MEDIUM (5.3)
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, including first and last names, email, and phone number.
Published: 2025-01-13T23:21:40.170Z
Updated: 2026-04-08T16:35:41.009Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-47525 vulnerable 2026-06-08 06:14:24.820251 WordPress Event Management Tickets Booking Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS. This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through 1.3.2.
Published: 2023-12-21T14:25:39.759Z
Updated: 2026-04-28T16:08:49.627Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3720 vulnerable 2026-06-08 05:48:21.737122 Event Monster < 1.2.1 - Admin+ SQLi
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high-privilege users.
Published: 2022-11-21T00:00:00.000Z
Updated: 2025-04-30T15:32:41.083Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3336 vulnerable 2026-06-08 05:48:20.568381 Event Monster < 1.2.0 - Visitors Deletion via CSRF
The Event Monster WordPress plugin before 1.2.0 does not have a CSRF check when deleting visitors, which could allow attackers to make a logged-in admin delete arbitrary visitors via a CSRF attack.
Published: 2022-11-21T00:00:00.000Z
Updated: 2025-04-30T13:24:20.760Z
Imported from gcve-enriched-dumps CVE data
