📦 Event Monster

The Event Monster WordPress plugin is vulnerable to PHP object injection through deserialization of untrusted input from custom meta values via shortcodes. This allows authenticated attackers with con...

The Event Monster WordPress plugin creates publicly accessible CSV files containing visitor personal data in the wp-content folder. Unauthenticated attackers can extract names, emails, and phone numbe...

This vulnerability in the WordPress Event Monster plugin (Event Management Tickets Booking) allows unauthorized actors to access sensitive information. It affects all versions up to 1.4.0, potentially...