388 matches found
PT-2019-8926 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting XSS problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...
WordPress Events Manager Plugin < 5.9 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112284";...
CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0576
The CVE-2018-0576 issue concerns the WordPress plugin Events Manager (prior to version 5.9). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary script or HTML via unspecified vectors, potentially executing in a logged-in user’s browser. Af...
CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2018-8934 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin versions prior to 5.9 for WordPress Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting. Recommendations: For versions pri...
WordPress plugin "Events Manager" vulnerable to cross-site scripting
Overview The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Daichi Takaki of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this vulnerability to IPA. JPCERT/CC...
JVN#85531148: WordPress plugin "Events Manager" vulnerable to cross-site scripting
The WordPress plugin "Events Manager" provided by NetWebLogic contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
Events Manager < 5.9 - Authenticated Stored Cross-Site Scripting (XSS)
The Events Manager WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...
WordPress Events Manager Plugin Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Events Manager plugin prior to version 5.9, which can be exploit...
WordPress Events Manager Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL servers to set up personal blog sites.Events Manager plugin is used in one of the registration plugin. A cross-site scripting vulnerability exists in th...
WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin versions =5.8.1.1. Solution Update the WordPress Events Manager plugin to the latest version at least 5.8.1.2...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
Design/Logic Flaw
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...
CVE-2018-9020
The CVE-2018-9020 entry concerns the WordPress Events Manager plugin (pre-5.8.1.2). Concrete detail: an XSS vulnerability arises via the events-manager.js mapTitle parameter in the Google Maps miniature, due to lack of proper escaping. This affects the Events Manager plugin for WordPress; exploit...
Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS
An unauthenticated user or a user without privileges, who can submit an event, can inject javascript code in the Google Maps miniature. The malicious code runs in the admin panel when a user with privileges opens the submitted event. The problem is in the file events-manager.js, the variable...