[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fG_oHGq-GvAH0_KHAYjy12otcr8h54LPnt_qQ48Bkqyo":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":26,"research_verified":27,"research_rounds_completed":28,"research_plan":29,"research_summary":30,"research_vulnerable_code":31,"research_fix_diff":32,"research_exploit_outline":33,"research_model_used":34,"research_started_at":35,"research_completed_at":36,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":27,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":27,"source_links":37},"CVE-2026-45441","event-booking-manager-for-woocommerce-missing-authorization","Event Booking Manager for WooCommerce \u003C= 5.3.3 - Missing Authorization","The Event Booking Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.3.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.","mage-eventpress",null,"\u003C=5.3.3","5.3.4","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-05-26 00:00:00","2026-06-02 12:42:20",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe3491f9d-78ea-4f3a-81d2-26baed6f3ab7?source=api-prod",8,[22,23,24,25],"assets\u002Fadmin\u002Fmep-google-maps-enhanced.css","assets\u002Fadmin\u002Fmep-google-maps-enhanced.js","assets\u002Fadmin\u002Fmep_analytics.css","assets\u002Fadmin\u002Fmkb-admin.js","researched",false,3,"# Exploitation Research Plan - CVE-2026-45441\n\n## 1. Vulnerability Summary\nThe **Event Booking Manager for WooCommerce** plugin (mage-eventpress) up to version 5.3.3 contains a **Missing Authorization** vulnerability. The plugin registers several AJAX actions intended for administrative use (such as searching for icons or managing event data) but fails to implement proper capability checks (e.g., `current_user_can()`) or fails to restrict the hooks to authenticated administrative users. \n\nBased on the provided source code in `assets\u002Fadmin\u002Fmkb-admin.js`, the action `mep_pick_icon` is a primary candidate for this vulnerability, as it is used in an administrative context but appears to be callable via `admin-ajax.php` without session-specific security tokens (nonces) or verified authorization.\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **HTTP Method:** `POST`\n- **Action:** `mep_pick_icon` (confirmed in `mkb-admin.js`)\n- **Vulnerable Parameter:** `query`\n- **Authentication Required:** None (unauthenticated access is possible if `wp_ajax_nopriv_` is used or if any logged-in user can trigger the `wp_ajax_` hook without capability verification).\n- **Preconditions:** The plugin must be active.\n\n## 3. Code Flow\n1. **Frontend Trigger","The Event Booking Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the backend handler for the mep_pick_icon AJAX action. This allows unauthenticated attackers to perform unauthorized searches for icons and potentially interact with administrative components by sending requests to the admin-ajax.php endpoint.","\u002F\u002F assets\u002Fadmin\u002Fmkb-admin.js line 15\n    $(document).on('input', \"input[name='mep_icon_search_box']\", function () {\n        var searchQuery = $(this).val();\n        $.ajax({\n            url: ajaxurl, \u002F\u002F WordPress's AJAX URL (for admin-ajax.php)\n            method: 'POST',\n            data: {\n                action: 'mep_pick_icon', \u002F\u002F The action name to hook into\n                query: searchQuery, \u002F\u002F The search query\n            },\n            success: function (response) {\n                \u002F\u002F Clear the icon list container\n                $('.fa-icon-lists').html('');\n                console.log(response);\n                $.each(response, function (className, title) {\n                    $('.fa-icon-lists').append(`\n\t\t\t\t\t\u003Cdiv class=\"icon\" title=\"${title}\" data-icon=\"${className}\">\n\t\t\t\t\t\t\u003Ci class=\"${className}\">\u003C\u002Fi>\n\t\t\t\t\t\u003C\u002Fdiv>\n\t\t\t\t`);\n                });\n            },\n        });\n    });","Only in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.3.4: admin\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.0.1: Admin\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.3.4\u002Fassets\u002Fadmin: calendar-admin.css\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.3.4\u002Fassets\u002Fadmin: calendar-admin.js\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.0.1\u002Fassets\u002Fadmin\u002Fmep_analytics.css \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.3.4\u002Fassets\u002Fadmin\u002Fmep_analytics.css\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.0.1\u002Fassets\u002Fadmin\u002Fmep_analytics.css\t2025-10-31 02:21:42.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.3.4\u002Fassets\u002Fadmin\u002Fmep_analytics.css\t2026-05-21 08:27:48.000000000 +0000\n@@ -1,7 +1,7 @@\n \n \u002F* Filters Section *\u002F\n .mep-analytics-filters {\n-    background-color: var(--mpev-white);\n+    background-color: var(--color_white);\n     padding: 20px;\n     margin-bottom: 20px;\n     border-radius: 5px;\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.0.1\u002Fassets\u002Fadmin: mkb-admin.js\nOnly in \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fmage-eventpress\u002F5.0.1\u002Fassets\u002Fadmin: mp_admin_settings.js","The exploit involves interacting with the WordPress AJAX API without any authentication. An attacker sends a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the 'action' parameter set to 'mep_pick_icon' and an arbitrary 'query' string. Because the plugin fails to implement a capability check (e.g., current_user_can('manage_options')) or verify a security nonce within the corresponding PHP handler, the server will process the request and return data (such as icon lists) even for unauthenticated users, confirming the missing authorization vulnerability.","gemini-3-flash-preview","2026-06-04 20:46:11","2026-06-04 20:48:36",{"type":38,"vulnerable_version":39,"fixed_version":11,"vulnerable_browse":40,"vulnerable_zip":41,"fixed_browse":42,"fixed_zip":43,"all_tags":44},"plugin","5.0.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fmage-eventpress\u002Ftags\u002F5.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmage-eventpress.5.0.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fmage-eventpress\u002Ftags\u002F5.3.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmage-eventpress.5.3.4.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fmage-eventpress\u002Ftags"]