452 matches found
CVE-2023-23974
Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...
CVE-2023-36383
Auth. editor+ Stored Cross-Site Scripting XSS vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin = 3.9.5 versions...
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...
CVE-2023-23979
Unauth. Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 versions...
CVE-2023-23975
Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4...
CVE-2023-47697
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin = 3.1.39 versions...
CVE-2022-46863
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.6.4 versions...
CVE-2022-1474
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-24810
The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2017-7646
SolarWinds Log & Event Manager LEM before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within...
CVE-2015-7839
SolarWinds Log and Event Manager LEM allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality...
CVE-2025-3419
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...
CVE-2025-3419
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...
CVE-2025-3419
CVE-2025-3419 affects the WordPress plugin family “Event Manager, Events Calendar, Tickets, Registrations – Eventin” (
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...
CVE-2025-3419 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...
CVE-2025-24624 WordPress HT Event – WordPress Event Manager Plugin for Elementor Plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DevItems HT Event ht-event allows Reflected XSS.This issue affects HT Event: from n/a through = 1.4.6...
CVE-2025-32225
Missing Authorization vulnerability in WP Event Manager WP Event Manager wp-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Event Manager: from n/a through = 3.2.0...
CVE-2025-31739
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager minimalistic-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimalistic Event Manager: from n/a through = 1.1.1...
CVE-2025-32225
Missing Authorization vulnerability in WP Event Manager WP Event Manager wp-event-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Event Manager: from n/a through = 3.2.0...