Vulnerability Details CVE-2023-0144
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-0144
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:-
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.4.4
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.4.5
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.4.6
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.4.8
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.4.9
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.1
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.2
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.3
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.4
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.5
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.6
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.7
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.8
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.5.9
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.1
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.3
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.5
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.6
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.7
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.6.8
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.0
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.2
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.5
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.6
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.8
-
cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:3.7.9