CVE-2023-0144: Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS
First published: Mon Feb 06 2023(Updated: )
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mage-people Event Manager And Tickets Selling Plugin For Woocommerce | <3.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-0144.
What is the impacted software?
The impacted software is the Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0.
What is the severity level of this vulnerability?
The severity level of this vulnerability is medium, with a CVSS score of 5.4.
What is the CWE number associated with this vulnerability?
The CWE number associated with this vulnerability is CWE-79.
How can this vulnerability be exploited?
This vulnerability can be exploited by users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) attacks.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mage-people
- canonical/mage-people event manager and tickets selling plugin for woocommerce