Events Manager Security Vulnerabilities

CVE-2019-16523

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the...

CVE-2012-6716

The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call...

CVE-2013-7480

The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin...

CVE-2013-7477

The events-manager plugin before 5.5.2 for WordPress has XSS in the booking...

CVE-2013-7478

The events-manager plugin before 5.5 for WordPress has XSS via...

CVE-2013-7479

The events-manager plugin before 5.3.9 for WordPress has XSS in the search form...

CVE-2015-9297

The events-manager plugin before 5.6 for WordPress has...

CVE-2015-9298

The events-manager plugin before 5.6 for WordPress has code...

CVE-2015-9299

The events-manager plugin before 5.5.7.1 for WordPress has DOM...

CVE-2015-9300

The events-manager plugin before 5.5.7 for WordPress has multiple XSS...

CVE-2018-13137

The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options...

CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps...

CVE-2013-1407

Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4)...