Imithemes Eventer
10 CVEs affecting Imithemes Eventer. Latest disclosed: 2025-08-14. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-39481 | Critical | 9.3 | 2025-05-16 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer eventer allows Blind SQL Injection.This… |
CVE-2025-0959 | High | 8.8 | 2025-03-07 | The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and… |
CVE-2024-11135 | High | 7.5 | 2025-01-28 | The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and in… |
CVE-2025-22635 | High | 7.1 | 2025-02-23 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer eventer allows Reflected XSS.This issue… |
CVE-2025-39483 | Medium | 6.5 | 2025-08-14 | Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection.This issue affects Eventer: from n/a… |
CVE-2024-10799 | Medium | 6.5 | 2025-01-17 | The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() functi… |
CVE-2024-11132 | Medium | 6.4 | 2025-02-03 | The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9.4 due to insufficient inpu… |
CVE-2024-11133 | Medium | 5.3 | 2025-02-03 | The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function i… |
CVE-2025-39482 | Medium | 4.3 | 2025-05-16 | Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eve… |
CVE-2024-11134 | Medium | 4.3 | 2025-02-03 | The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function i… |