Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp-events-plugin vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-35037
The Events Manager WordPress plugin prior to 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
Wp-events-plugin Events Manager
5.4
CVSSv3
CVE-2019-16523
The events-manager plugin up to and including 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
Wp-events-plugin Events Manager
7.2
CVSSv3
CVE-2020-35012
The Events Manager WordPress plugin prior to 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
Wp-events-plugin Events Manager
5.4
CVSSv3
CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2013-7477
The events-manager plugin prior to 5.5.2 for WordPress has XSS in the booking form.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2013-7479
The events-manager plugin prior to 5.3.9 for WordPress has XSS in the search form field.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2013-7478
The events-manager plugin prior to 5.5 for WordPress has XSS via EM_Ticket::get_post.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2013-7480
The events-manager plugin prior to 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2012-6716
The events-manager plugin prior to 5.1.7 for WordPress has XSS via JSON call links.
Wp-events-plugin Events Manager
6.1
CVSSv3
CVE-2023-48326
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a up to and including 6.4.5.
Wp-events-plugin Events Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »