21 matches found
EUVD-2021-11961
Malware in sbrugna...
EUVD-2022-24534
Malicious code in bioql PyPI...
CVE-2022-1194
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
CVE-2021-25049
The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-1194
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
CVE-2022-1194
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
Input validation
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
CVE-2022-1194
The CVE-2022-1194 entry describes a CSV injection vulnerability in the Mobile Events Manager WordPress plugin prior to version 1.4.8. The issue arises because the plugin does not properly escape the Enquiry source field when exporting events or the Paid for field when exporting transactions to CS...
CVE-2022-1194 Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability...
WordPress plugin Mobile Events Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...
WordPress Mobile Events Manager Plugin <= 1.4.7 - Authenticated CSV Injection vulnerability
Authenticated CSV Injection vulnerability discovered by Varun thorat in Mobile Events Manager versions <= 1.4.7. Solution: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.8)...
Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
The plugin does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. Export events with malicious CSV: 1. Create and save a new Enquiry source and add the following in the name field...
WordPress Mobile Events Manager plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions prior to WordPress plugin Mobile Events Manager 1.4.4. The...
CVE-2021-25049
The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-25049
The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-25049
The CVE-2021-25049 entry concerns the WordPress Mobile Events Manager plugin prior to version 1.4.4, where lack of sanitisation/escaping of several settings allows high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks, even when unfiltered_html is disallowed. Affected componen...
PT-2022-9605 · WordPress · Mobile Events Manager
Name of the Vulnerable Software and Affected Versions: Mobile Events Manager WordPress plugin versions prior to 1.4.4 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of various settings, even when the unfilter...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions prior to WordPress plugin Mobile Events Manager 1.4.4. The...
Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Payload used: alert/XSS/ - Put the payload in the TMEM Events Settings Events Event prefix field, then Creat...
WordPress Mobile Events Manager plugin <= 1.4.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Varun thorat in WordPress Mobile Events Manager plugin versions <= 1.4.3.1. Solution: Update the WordPress Mobile Events Manager plugin to the latest available version (at least 1.4.4)...