Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MagePeople Team — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting MagePeople Team. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MagePeople Team develops e-commerce extensions for Magento platforms, focusing on enhancing online store functionality. Historically, their products have been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The team has accumulated 11 CVEs, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, their consistent vulnerability pattern suggests a need for improved security development practices. Their extensions remain widely used despite these concerns, indicating a gap between security requirements and implementation in their development lifecycle.

Top products by MagePeople Team: Event Manager and Tickets Selling Plugin for WooCommerce WpTravelly Booking and Rental Manager for Bike WpBusTicketly Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin Event Manager for WooCommerce Taxi Booking Manager for WooCommerce Bus Ticket Booking with Seat Reservation
CVE IDTitleCVSSSeverityPublished
CVE-2024-43212 WordPress WpTravelly plugin <= 1.7.7 - Broken Access Control vulnerability — WpTravellyCWE-862 7.5 High2024-11-01
CVE-2024-43985 WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability — Bus Ticket Booking with Seat ReservationCWE-79 5.9 Medium2024-09-17
CVE-2024-43986 WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability — Taxi Booking Manager for WooCommerceCWE-79 5.9 Medium2024-08-29
CVE-2024-43138 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability — Event Manager for WooCommerceCWE-22 6.5 Medium2024-08-13
CVE-2024-32450 WordPress WpTravelly plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability — WpTravellyCWE-352 4.3 Medium2024-04-15
CVE-2024-24796 WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection — Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress PluginCWE-502 8.2 High2024-02-12
CVE-2023-30496 WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS) — WpBusTicketlyCWE-79 7.1 High2023-11-22
CVE-2023-36383 WordPress Event Manager for WooCommerce Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS) — Event Manager and Tickets Selling Plugin for WooCommerceCWE-79 5.9 Medium2023-07-18
CVE-2023-35048 WordPress Booking and Rental Manager Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) — Booking and Rental Manager for BikeCWE-79 5.9 Medium2023-06-23
CVE-2022-47164 WordPress Event Manager for WooCommerce Plugin <= 3.7.7 is vulnerable to Cross Site Request Forgery (CSRF) — Event Manager and Tickets Selling Plugin for WooCommerceCWE-352 4.3 Medium2023-05-25
CVE-2023-28422 WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS) — Event Manager and Tickets Selling Plugin for WooCommerceCWE-79 5.9 Medium2023-03-23

This page lists every published CVE security advisory associated with MagePeople Team. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.