This page lists publicly disclosed CVE vulnerabilities affecting eventespresso event_espresso (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-6883 | The Event Espresso 4 Decaf – Event Registration Event Ticketing plugin for WordPress is vulnerable to limited unauthorized plugin settings modification due to a missing capability check on the saveTimezoneString and some other functions in all versions up to and including 4.10.46.decaf. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify some of the plugin settings. | [email protected] | 4.3 | 0.28% | 2024-08-21 | 2026-06-17 |
| CVE-2020-26153 | A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | [email protected] | 6.1 | 3.80% | 2021-07-13 | 2026-06-16 |
| CVE-2017-1002026 | Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | [email protected] | 8.8 | 1.71% | 2017-09-14 | 2026-06-16 |