Lucene search
K

79 matches found

VulnCheck KEV
VulnCheck KEV
added 2024/07/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-5889

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/29 12:0 a.m.3 views

PT-2024-37224 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.8 Description: The issue is related to Reflected Cross-Site Scripting via the country parameter due to insufficient input...

6.1CVSS6.8AI score0.0031EPSS
Exploits0References6
OSV
OSV
added 2024/03/28 2:15 a.m.3 views

CVE-2024-2111

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS7.4AI score0.0034EPSS
Exploits0References2
OSV
OSV
added 2024/03/28 2:15 a.m.4 views

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

4.3CVSS7.2AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.4 views

PT-2024-18831 · WordPress · The Events Manager

Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.1 Description: The issue is related to Stored Cross-Site Scripting via the physical location value due to insufficient input...

6.4CVSS7.7AI score0.0034EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.15 views

CVE-2024-0614 Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS6.7AI score0.00685EPSS
Exploits1References3
OSV
OSV
added 2021/12/01 11:15 p.m.2 views

CVE-2020-35037

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues...

6.1CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.14 views

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in Wordpress Plugin Events Manager that stems from the product...

7.2CVSS6.1AI score0.01484EPSS
Exploits1References3
CNVD
CNVD
added 2019/10/14 12:0 a.m.2 views

WordPress events-manager plugin code injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A code injection vulnerability exists in the WordPress events-manager...

9.8CVSS7.5AI score0.021EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/28 12:0 a.m.2 views

WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-30594)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References1
NVD
NVD
added 2019/08/22 1:15 p.m.14 views

CVE-2012-6716

The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links...

6.1CVSS6.1AI score0.00913EPSS
Exploits0References1
NVD
NVD
added 2019/08/22 1:15 p.m.16 views

CVE-2013-7479

The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...

6.1CVSS6.1AI score0.00913EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2019/08/22 1:15 p.m.2 views

CVE-2012-6716

The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links...

6.1CVSS5.4AI score0.00913EPSS
Exploits0References3
Prion
Prion
added 2019/08/22 1:15 p.m.16 views

Design/Logic Flaw

The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form...

4.3CVSS6.3AI score0.00913EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/22 1:15 p.m.15 views

Design/Logic Flaw

The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...

4.3CVSS6.3AI score0.00913EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:26 p.m.23 views

CVE-2013-7478

The events-manager plugin before 5.5 for WordPress has XSS via EMTicket::getpost...

6.1AI score0.00913EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 12:25 p.m.51 views

CVE-2013-7477

The CVE-2013-7477 entry concerns the WordPress Events Manager plugin, with an XSS flaw in the booking form present in versions prior to 5.5.2. Affected software: events-manager plugin for WordPress; vulnerable component: booking form input handling. Root cause per sources is an XSS vulnerability,...

6.1CVSS6AI score0.00913EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/22 12:0 a.m.4 views

PT-2019-7029 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.3.6.1 Description: The issue affects the events-manager plugin for WordPress, allowing XSS attacks via the booking form and admin areas. Recommendations: For versions prior to 5.3.6.1, update to versi...

6.1CVSS6.4AI score0.00913EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/08/22 12:0 a.m.4 views

PT-2019-7028 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.3.9 Description: The issue concerns a Cross-Site Scripting XSS flaw in the search form field of the events-manager plugin for WordPress. Recommendations: For versions prior to 5.3.9, update to version...

6.1CVSS6.2AI score0.00913EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/08/22 12:0 a.m.4 views

PT-2019-6824 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.1.7 Description: The issue concerns a cross-site scripting XSS vulnerability via JSON call links. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially...

6.1CVSS6AI score0.00913EPSS
Exploits0References4
Rows per page
Query Builder