Lucene search
K

4 matches found

OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-0614

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.8CVSS7.3AI score0.00685EPSS
Exploits1References3
CVE
CVE
added 2024/03/13 3:26 p.m.61 views

CVE-2024-0614

CVE-2024-0614 affects the WordPress plugin “Events Manager” (Calendar, Bookings, Tickets, and more!). It enables stored cross-site scripting via admin settings in all versions up to and including 6.4.6.4 due to insufficient input sanitization and output escaping. Exploitation requires authenticat...

4.8CVSS5AI score0.00685EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.32 views

CVE-2024-0614 Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS4.5AI score0.00685EPSS
Exploits1References3
Patchstack
Patchstack
added 2024/02/29 12:0 a.m.14 views

WordPress Events Manager Plugin <= 6.4.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.6.4 Fixed in 6.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0614 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4d14ba7756e8 Credits Akbar Kustirama Require...

4.8CVSS5.7AI score0.00685EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder