Event Monster – Manager & Ticket Booking
Approved changes feed: RSS · Atom
cpe:2.3:a:awordpresslife:event_monster_–_manager_&_ticket_booking:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Awordpresslife (454df3a1-9423-5473-9a21-032942d8dcc6) |
|---|---|
| Product | Event Monster – Manager & Ticket Booking (0edb8c31-10f0-5f09-8ff4-3ec6304f6664) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-1895 |
vulnerable | 2026-06-03 14:54:34.906531 |
Event Monster <= 1.3.9 - Authenticated(Contributor+) PHP Object Injection via Custom Meta
HIGH (7.5)
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.9 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Published: 2024-04-30T08:32:22.449Z
Updated: 2026-04-08T16:48:48.253Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11396 |
vulnerable | 2026-06-03 14:54:14.102226 |
Event monster <= 1.4.3 - Information Exposure Via Visitors List Export
MEDIUM (5.3)
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
Published: 2025-01-13T23:21:40.170Z
Updated: 2026-04-08T16:35:41.009Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.