Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

magepeopleteam — Vulnerabilities & Security Advisories 42

Browse all 42 CVE security advisories affecting magepeopleteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MagePeopleTeam operates as a software development entity primarily focused on creating extensions and modules for the Magento e-commerce platform. Their portfolio includes various plugins designed to enhance store functionality, such as payment gateways, shipping solutions, and marketing tools. Historically, vulnerabilities associated with their products frequently involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE). These flaws often stem from insufficient input validation and improper access controls within their custom codebases. Notable incidents include multiple critical CVEs that allowed attackers to execute arbitrary commands or steal sensitive customer data from compromised Magento stores. The high volume of recorded issues suggests a pattern of recurring security oversights in their development lifecycle. While some vulnerabilities have been patched, the sheer number of disclosed CVEs indicates persistent challenges in maintaining robust security standards across their diverse range of third-party integrations.

Top products by magepeopleteam: WpEvently Booking and Rental Manager Bus Ticket Booking with Seat Reservation WpTravelly Taxi Booking Manager for WooCommerce WpBookingly Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution Multipurpose Ticket Booking Manager Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment Event Booking Manager for WooCommerce E-cab Taxi Booking Manager for Woocommerce Car Rental Manager
CVE IDTitleCVSSSeverityPublished
CVE-2026-39572 WordPress Bus Ticket Booking with Seat Reservation plugin < 5.6.5 - Sensitive Data Exposure vulnerability — Bus Ticket Booking with Seat ReservationCWE-497 4.3 Medium2026-04-08
CVE-2026-39565 WordPress WpTravelly plugin <= 2.1.7 - Broken Access Control vulnerability — WpTravellyCWE-862 4.3 Medium2026-04-08
CVE-2026-27095 WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.6.0 - PHP Object Injection vulnerability — Bus Ticket Booking with Seat ReservationCWE-502 9.8 Critical2026-03-25
CVE-2026-25361 WordPress WpEvently plugin <= 5.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — WpEventlyCWE-79 7.1 High2026-03-25
CVE-2026-23972 WordPress Booking and Rental Manager plugin <= 2.6.0 - Broken Access Control vulnerability — Booking and Rental ManagerCWE-862 6.5 Medium2026-03-25
CVE-2026-32384 WordPress WpBookingly plugin <= 1.2.9 - Local File Inclusion vulnerability — WpBookinglyCWE-98 7.5 High2026-03-13
CVE-2026-32354 WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability — WpEventlyCWE-201 5.3 Medium2026-03-13
CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability — Booking and Rental ManagerCWE-502 8.8 High2026-02-20
CVE-2026-23549 WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability — WpEventlyCWE-502 9.8 Critical2026-02-19
CVE-2026-24954 WordPress WpEvently plugin <= 5.0.8 - Deserialization of untrusted data vulnerability — WpEventlyCWE-502 8.8 High2026-02-03
CVE-2026-24942 WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability — WpEventlyCWE-352 4.3 Medium2026-02-03
CVE-2025-69327 WordPress Car Rental Manager plugin <= 1.0.9 - Broken Access Control vulnerability — Car Rental ManagerCWE-862 4.3 Medium2026-01-06
CVE-2025-64266 WordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerability — Booking and Rental ManagerCWE-502 8.8 High2025-12-18
CVE-2025-66083 WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability — WpEventlyCWE-862 5.3 Medium2025-11-21
CVE-2025-66082 WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability — WpEventlyCWE-862 5.3 Medium2025-11-21
CVE-2025-49904 WordPress Booking and Rental Manager plugin <= 2.5.3 - Cross Site Scripting (XSS) vulnerability — Booking and Rental ManagerCWE-79 7.1 High2025-11-06
CVE-2025-54742 WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability — WpEventlyCWE-502 8.8 High2025-08-28
CVE-2025-54713 WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability — Taxi Booking Manager for WooCommerceCWE-288 9.8 Critical2025-08-20
CVE-2025-8898 Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover — E-cab Taxi Booking Manager for WoocommerceCWE-862 9.8 Critical2025-08-16
CVE-2025-54705 WordPress WpEvently plugin <= 4.4.6 - Broken Access Control vulnerability — WpEventlyCWE-862 4.3 Medium2025-08-14
CVE-2025-5568 WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Booking Manager for WooCommerceCWE-79 6.4 Medium2025-06-07
CVE-2025-47585 WordPress Booking and Rental Manager plugin <= 2.3.8 - Broken Access Control vulnerability — Booking and Rental ManagerCWE-862 6.5 Medium2025-06-02
CVE-2025-39390 WordPress Booking and Rental Manager plugin <= 2.3.6 - Broken Access Control vulnerability — Booking and Rental ManagerCWE-862 5.3 Medium2025-04-24
CVE-2025-39457 WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability — Booking and Rental ManagerCWE-862 5.3 Medium2025-04-17
CVE-2025-27011 WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability — Booking and Rental ManagerCWE-98 7.5 High2025-04-15
CVE-2025-32607 WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability — WpBookinglyCWE-502 9.8 Critical2025-04-11
CVE-2025-32145 WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability — WpEventlyCWE-502 8.8 High2025-04-10
CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability — WpTravellyCWE-502 8.8 High2025-04-01
CVE-2025-30895 WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability — WpEventlyCWE-22 7.5 High2025-03-27
CVE-2025-30891 WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability — WpTravellyCWE-98 8.8 High2025-03-27

This page lists every published CVE security advisory associated with magepeopleteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.