79 matches found
VulnCheck KEV: CVE-2024-5889
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2024-37224 · WordPress · The Events Manager
Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.8 Description: The issue is related to Reflected Cross-Site Scripting via the country parameter due to insufficient input...
CVE-2024-2111
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2110
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...
PT-2024-18831 · WordPress · The Events Manager
Name of the Vulnerable Software and Affected Versions: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress versions up to, and including, 6.4.7.1 Description: The issue is related to Stored Cross-Site Scripting via the physical location value due to insufficient input...
CVE-2024-0614 Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...
CVE-2020-35037
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in Wordpress Plugin Events Manager that stems from the product...
WordPress events-manager plugin code injection vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A code injection vulnerability exists in the WordPress events-manager...
WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-30594)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2012-6716
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links...
CVE-2013-7479
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...
CVE-2012-6716
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links...
Design/Logic Flaw
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form...
Design/Logic Flaw
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field...
CVE-2013-7478
The events-manager plugin before 5.5 for WordPress has XSS via EMTicket::getpost...
CVE-2013-7477
The CVE-2013-7477 entry concerns the WordPress Events Manager plugin, with an XSS flaw in the booking form present in versions prior to 5.5.2. Affected software: events-manager plugin for WordPress; vulnerable component: booking form input handling. Root cause per sources is an XSS vulnerability,...
PT-2019-7029 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.3.6.1 Description: The issue affects the events-manager plugin for WordPress, allowing XSS attacks via the booking form and admin areas. Recommendations: For versions prior to 5.3.6.1, update to versi...
PT-2019-7028 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.3.9 Description: The issue concerns a Cross-Site Scripting XSS flaw in the search form field of the events-manager plugin for WordPress. Recommendations: For versions prior to 5.3.9, update to version...
PT-2019-6824 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: events-manager plugin versions prior to 5.1.7 Description: The issue concerns a cross-site scripting XSS vulnerability via JSON call links. This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially...