WordPress Events Manager plugin <= 7.2.2.2 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...

CVE-2025-58265

CVE-2025-58265 : Stored XSS in WordPress plugin “Events Manager – OpenStreetMaps” (Stonehenge Creations). Affected: Events Manager – OpenStreetMaps, version range up to 4.2.1. Root cause: improper input neutralization during web page generation, enabling authenticated users to inject scripts that...

CVE-2025-58265 WordPress Events Manager – OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager – OpenStreetMaps: from n/a through = 4.2.1...

CVE-2025-1249 WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pixelite Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through 6.6.4.1...

CVE-2025-1249 WordPress Events Manager plugin <= 6.6.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marcus aka @msykes Events Manager events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Events Manager: from n/a through = 6.6.4.1...

WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.8 Fixed in 6.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5889 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7a114bc7cd5f Credits kauenavarro Require...

WordPress Events Manager Plugin <= 6.4.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.3 Fixed in 6.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3492 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 46517520d762 Credits stealthcopter Required...

WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.1 Fixed in 6.4.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2111 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b5294cf8d915 Credits Tim Coen Required...

WordPress Events Manager Plugin <= 6.4.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Events Manager Type Plugin Vulnerable versions = 6.4.7.1 Fixed in 6.4.7.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-30421 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 39ea0cabbd61 Credits Dhabaleshwar Das...

WordPress Events Manager Plugin <= 6.4.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.6.4 Fixed in 6.4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0614 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4d14ba7756e8 Credits Akbar Kustirama Require...

WordPress Events Manager Plugin <= 6.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Events Manager Type Plugin Vulnerable versions = 6.4.5 Fixed in 6.4.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48326 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cb641dde12e8 Credits Le Ngoc Anh Required privilege...

WordPress Events Manager 5.61 SQL Injection

==================================================================================================================================== | Title : Wordpress Events Manager plugin 5.61 Blind SQL Injection | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

WordPress Events Manager Plugin < 5.9.8 Multiple Vulnerabilities

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Events Manager Plugin < 5.9.5 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112564";...