EUVD-2023-12234

Malicious code in bioql PyPI...

EUVD-2024-22172

Malicious code in bioql PyPI...

CVE-2025-52731 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24...

PT-2025-33210 · WordPress · Event Calendar/Booking Plugin +1

Name of the Vulnerable Software and Affected Versions: WordPress Event Manager, Event Calendar and Booking Plugin versions through 4.0.24 Description: The software contains an improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS...

WordPress plugin WordPress Event Manager, Event Calendar and Booking Plugin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes i...

CVE-2023-0144

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-3419

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

PT-2025-2071 · WordPress · Ht Event – Wordpress Event Manager Plugin For Elementor

Name of the Vulnerable Software and Affected Versions: The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress versions up to, and including, 1.4.7 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private,...

WordPress Plugin WP Event Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2023-23979

Unauth. Stored Cross-Site Scripting XSS vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 versions...

CVE-2023-23979

The CVE-2023-23979 entry concerns the WordPress Quick Event Manager plugin (Fullworks) with an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability affecting versions prior to 9.7.5. The issue is tied to improper handling of input (e.g., the "yourname" parameter) leading to XSS. No exp...

CVE-2023-0144 Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Quick Event Manager Type Plugin Vulnerable versions = 9.7.4 Fixed in 9.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23979 Patch priority Medium CVSS severity Medium 7.1 Developer Fullworks Plugins PSID c7609f23707d Credits yuyudhn...

WordPress Event Manager plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Event Manager plugin prior to...

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress WP Event Manager has a cross-site scripting vulnerability that stems from the plugin's failure to...

WordPress events-manager plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...