CVE-2024-5889

🗓️ 29 Jun 2024 05:03:15Reported by [email protected]Type

The Events Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting through the 'country' parameter in versions up to 6.4.8 due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts

Reporter	Title	Published	Views	Family All 5
Vulnrichment	CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting	29 Jun 202404:33	–	vulnrichment
CVE	CVE-2024-5889	29 Jun 202405:15	–	cve
Cvelist	CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting	29 Jun 202404:33	–	cvelist
Patchstack	WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)	1 Jul 202400:00	–	patchstack
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)	3 Jul 202415:31	–	wordfence

Nvd

Node

pixelite events_managerRange<6.4.9wordpress

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/3106809/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/73cbb65e-b4e3-4374-9916-9a3d1be5a014

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jun 2024 05:15Current

CVSS36.1

EPSS0.00043

CWE-79