47 matches found
CVE-2023-23979 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 versions...
WordPress plugin Quick Event Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2022-46863
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.6.4 versions...
CVE-2022-46863
The CVE-2022-46863 entry describes a stored XSS vulnerability in the WordPress plugin Fullworks Quick Event Manager (versions = 9.6.5 to mitigate the issue.
WordPress plugin Quick Event Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-15088 · Fullworks · Fullworks Quick Event Manager
Name of the Vulnerable Software and Affected Versions: Fullworks Quick Event Manager plugin versions = 9.6.4 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions = 9.6.4, update to a...
CVE-2023-23974
Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...
CVE-2023-23974
Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...
CVE-2023-23974
The CVE-2023-23974 entry details a CSRF vulnerability in the WordPress plugin Fullworks Quick Event Manager
CVE-2023-23974 WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 affecting all registration actions delete, delete all, edit, update...
WordPress Quick Event Manager Plugin <= 9.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Quick Event Manager Type Plugin Vulnerable versions = 9.6.4 Fixed in 9.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46863 Patch priority Low CVSS severity Low 5.9 Developer Fullworks Plugins PSID 59c55fdc1246 Credits Justiice Required...
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...
Quick Event Manager < 9.7.5 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the "yourname" parameter, which could allow unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-23491
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23974 Patch priority Low CVSS severity Low 5.4 Developer Fullworks Plugins PSID 5e2ae440ff0d Credits yuyudhn...
WordPress Quick Event Manager Plugin < 9.7.5 is vulnerable to Cross Site Scripting (XSS)
Software Quick Event Manager Type Plugin Vulnerable versions 9.7.5 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23491 Patch priority High CVSS severity High 7.1 Developer Fullworks Plugins PSID 38346c7453ae Credits Joshua Martinelle...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Broken Access Control
Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23975 Patch priority Low CVSS severity Low 5.3 Developer Fullworks Plugins PSID 7294748abf10 Credits yuyudhn Required...
Quick Event Manager < 9.7.5 - Registration Deletion/Update via CSRF
The plugin does not have CSRF checks when deleting and updating registrations, which could allow attackers to make logged in users perform such actions via CSRF attacks...