Lucene search

Quick Event Manager Security Vulnerabilities

cve

CVE-2022-46863

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.

5.9CVSS

4.8AI Score

0.001EPSS

2023-03-28 09:15 AM

cve

CVE-2023-23491

The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.

6.1CVSS

5.8AI Score

0.001EPSS

2023-01-20 07:15 PM

cve

CVE-2023-23974

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

5.4CVSS

5.6AI Score

0.001EPSS

2023-03-01 01:15 PM

cve

CVE-2023-23979

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.

7.1CVSS

5.7AI Score

0.001EPSS

2023-04-06 06:15 AM