The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the...
5.4CVSS
6AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin...
6.1CVSS
6.1AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
7AI Score
0.001EPSS
9.8CVSS
7.7AI Score
0.002EPSS
6.1CVSS
7AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options...
4.8CVSS
6AI Score
0.001EPSS
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps...
5.4CVSS
5.2AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4)...
5.8AI Score
0.002EPSS