Lucene search
+L

47 matches found

Cvelist
Cvelist
added 2023/04/06 5:17 a.m.38 views

CVE-2023-23979 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 versions...

7.1CVSS6.1AI score0.00406EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.10 views

WordPress plugin Quick Event Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

7.1CVSS6AI score0.00406EPSS
Exploits0References2
NVD
NVD
added 2023/03/28 9:15 a.m.34 views

CVE-2022-46863

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.6.4 versions...

5.9CVSS5.4AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2023/03/28 8:4 a.m.58 views

CVE-2022-46863

The CVE-2022-46863 entry describes a stored XSS vulnerability in the WordPress plugin Fullworks Quick Event Manager (versions = 9.6.5 to mitigate the issue.

5.9CVSS4.9AI score0.00369EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.8 views

WordPress plugin Quick Event Manager 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.3AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/28 12:0 a.m.11 views

PT-2023-15088 · Fullworks · Fullworks Quick Event Manager

Name of the Vulnerable Software and Affected Versions: Fullworks Quick Event Manager plugin versions = 9.6.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions = 9.6.4, update to a...

5.9CVSS5.3AI score0.00369EPSS
Exploits0References4
NVD
NVD
added 2023/03/01 1:15 p.m.24 views

CVE-2023-23974

Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...

5.4CVSS5.6AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 1:15 p.m.6 views

CVE-2023-23974

Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...

5.4CVSS6.1AI score0.00234EPSS
Exploits0References1
Prion
Prion
added 2023/03/01 1:15 p.m.20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...

5.8CVSS5.6AI score0.00234EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/01 12:33 p.m.57 views

CVE-2023-23974

The CVE-2023-23974 entry details a CSRF vulnerability in the WordPress plugin Fullworks Quick Event Manager

5.4CVSS5.6AI score0.00234EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/01 12:33 p.m.29 views

CVE-2023-23974 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...

4.3CVSS5.9AI score0.00234EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/02/14 12:0 a.m.18 views

WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/01/20 7:15 p.m.15 views

CVE-2023-23491

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...

6.1CVSS5.9AI score0.01179EPSS
Exploits2References1
OSV
OSV
added 2023/01/20 7:15 p.m.6 views

CVE-2023-23491

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...

6.1CVSS6.3AI score0.01179EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/01/20 12:0 a.m.9 views

Quick Event Manager < 9.7.5 - Unauthenticated Stored XSS

The plugin does not sanitise and escape the "yourname" parameter, which could allow unauthenticated users to perform Cross-Site Scripting attacks...

7.1CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.4 views

CVE-2023-23491

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...

6.1AI score0.01179EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.11 views

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23974 Patch priority Low CVSS severity Low 5.4 Developer Fullworks Plugins PSID 5e2ae440ff0d Credits yuyudhn...

5.4CVSS7AI score0.00234EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.10 views

WordPress Quick Event Manager Plugin < 9.7.5 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions 9.7.5 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23491 Patch priority High CVSS severity High 7.1 Developer Fullworks Plugins PSID 38346c7453ae Credits Joshua Martinelle...

6.1CVSS5.6AI score0.01179EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.16 views

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Broken Access Control

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23975 Patch priority Low CVSS severity Low 5.3 Developer Fullworks Plugins PSID 7294748abf10 Credits yuyudhn Required...

6.9AI score0.0064EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/20 12:0 a.m.18 views

Quick Event Manager < 9.7.5 - Registration Deletion/Update via CSRF

The plugin does not have CSRF checks when deleting and updating registrations, which could allow attackers to make logged in users perform such actions via CSRF attacks...

5.4CVSS5.6AI score0.00234EPSS
Exploits0Affected Software1
Rows per page
Query Builder