CVE-2018-9020

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature...

CVE-2025-12976 Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2025-12408

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

CVE-2025-12408

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

CVE-2025-12407 Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.2.2. This is due to missing or incorrect nonce validation on the 'locationdelete' action. This makes it possible for unauthenticat...

CVE-2025-12408

The CVE-2025-12408 entry pertains to the WordPress plugin “Events Manager” (Calendar, Bookings, Tickets, and more). Description: Information Exposure via an under-restricted get_location operation that affects all versions up to and including 7.2.2.2. Root cause: insufficient access restrictions ...

EUVD-2025-203078

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

CVE-2025-12408 Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

EUVD-2018-20624

Malware in sbrugna...

EUVD-2013-1445

Malware in sbrugna...

EUVD-2018-5086

Malware in sbrugna...

EUVD-2018-1386

Malware in sbrugna...

EUVD-2019-7200

Malware in sbrugna...

EUVD-2024-28435

Malicious code in bioql PyPI...

EUVD-2024-27074

Malicious code in bioql PyPI...

CVE-2025-58265

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stonehenge Creations Events Manager - OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager - OpenStreetMaps: from n/a through = 4.2.1...

CVE-2025-57987

Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through = 2.2.1...

CVE-2025-58265 WordPress Events Manager – OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager – OpenStreetMaps: from n/a through = 4.2.1...

CVE-2025-6975

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendarheader’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-6970

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...