388 matches found
CVE-2026-57713
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...
CVE-2026-57713
CVE-2026-57713 : The WordPress Plugins Events Manager (events-manager ) is affected up to version 7.3.6. The issue is a PHP Object Injection caused by deserialization of untrusted data, enabling object injection. The affected component is the Events Manager plugin for WordPress; root cause is des...
CVE-2026-57713 WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Marcus aka @msykes Events Manager events-manager allows Object Injection.This issue affects Events Manager: from n/a through = 7.3.6...
WordPress Events Manager plugin <= 7.3.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by dutafi in WordPress Plugin Events Manager versions = 7.3.6...
EUVD-2025-5342
Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through 6.6.4.1...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2013-7480
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas...
CVE-2013-7479
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...
CVE-2019-16523
The events-manager plugin through 5.9.5 for WordPress aka Events Manager is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute mapstyle of shortcodes locationsmap and eventsmap provided by the plugin...
CVE-2025-1249
Missing Authorization vulnerability in Marcus aka @msykes Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through = 6.6.4.1...
CVE-2024-2110
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...
WordPress Events Manager Plugin Information Disclosure Vulnerability
WordPress Events Manager Plugin is a full-featured open source plugin designed for managing events on WordPress sites. WordPress Events Manager Plugin suffers from an information disclosure vulnerability that stems from an under-restricted getlocation operation, which can be exploited by an...
CVE-2025-12976
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-12976
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
EUVD-2025-204249
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...
WordPress plugin Events Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-51997
Name of the Vulnerable Software and Affected Versions The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions through 7.2.2.1 Description The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is susceptible to Stored Cross-Site Scriptin...
WordPress Events Manager plugin <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'eventslistgrouped' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Events Manager versions = 7.2.2.1...