Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

magepeopleteam — Vulnerabilities & Security Advisories 42

Browse all 42 CVE security advisories affecting magepeopleteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MagePeopleTeam operates as a software development entity primarily focused on creating extensions and modules for the Magento e-commerce platform. Their portfolio includes various plugins designed to enhance store functionality, such as payment gateways, shipping solutions, and marketing tools. Historically, vulnerabilities associated with their products frequently involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE). These flaws often stem from insufficient input validation and improper access controls within their custom codebases. Notable incidents include multiple critical CVEs that allowed attackers to execute arbitrary commands or steal sensitive customer data from compromised Magento stores. The high volume of recorded issues suggests a pattern of recurring security oversights in their development lifecycle. While some vulnerabilities have been patched, the sheer number of disclosed CVEs indicates persistent challenges in maintaining robust security standards across their diverse range of third-party integrations.

Top products by magepeopleteam: WpEvently Booking and Rental Manager Bus Ticket Booking with Seat Reservation WpTravelly Taxi Booking Manager for WooCommerce WpBookingly Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking Solution Multipurpose Ticket Booking Manager Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment Event Booking Manager for WooCommerce E-cab Taxi Booking Manager for Woocommerce Car Rental Manager
CVE IDTitleCVSSSeverityPublished
CVE-2025-30887 WordPress WpEvently Plugin <= 4.2.9 - Broken Access Control vulnerability — WpEventlyCWE-862 5.3 Medium2025-03-27
CVE-2025-30839 WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability — Taxi Booking Manager for WooCommerceCWE-862 5.3 Medium2025-03-27
CVE-2025-26921 WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability — Booking and Rental ManagerCWE-502 8.8 High2025-03-15
CVE-2025-24661 WordPress Taxi Booking Manager for WooCommerce plugin <= 1.1.8 - PHP Object Injection vulnerability — Taxi Booking Manager for WooCommerceCWE-502 8.8 High2025-02-03
CVE-2025-22720 WordPress WpRently | WordPress plugin plugin <= 2.2.1 - Broken Access Control vulnerability — Booking and Rental ManagerCWE-862 5.8 Medium2025-01-31
CVE-2025-22737 WordPress WpTravelly Plugin <= 1.8.5 - Broken Access Control vulnerability — WpTravellyCWE-862 5.3 Medium2025-01-15
CVE-2024-12412 Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting — Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | EquipmentCWE-79 6.1 Medium2025-01-11
CVE-2024-49294 WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability — Bus Ticket Booking with Seat ReservationCWE-352 4.3 Medium2025-01-07
CVE-2024-49703 WordPress WpEvently plugin <= 4.2.5 - Cross Site Scripting (XSS) vulnerability — WpEventlyCWE-79 6.5 Medium2024-10-24
CVE-2024-44037 WordPress Multipurpose Ticket Booking Manager plugin <= 4.2.2 - Cross Site Scripting (XSS) vulnerability — Multipurpose Ticket Booking ManagerCWE-79 5.9 Medium2024-10-06
CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save — Travelly – Tour & Travel Booking Manager for WooCommerce | Tour & Hotel Booking SolutionCWE-284 5.3 Medium2024-05-29
CVE-2023-4067 Bus Ticket Booking with Seat Reservation <= 5.2.3 - Reflected Cross-Site Scripting — Bus Ticket Booking with Seat ReservationCWE-79 6.1 Medium2023-08-02

This page lists every published CVE security advisory associated with magepeopleteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.