Lucene search

K

NetWebLogic Security Vulnerabilities

cve
cve

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....

4.3CVSS

8.9AI Score

0.0004EPSS

2024-03-28 02:15 AM
25
cve
cve

CVE-2024-2111

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

7.5AI Score

0.0004EPSS

2024-03-28 02:15 AM
31
cve
cve

CVE-2024-3492

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-06-12 11:15 AM
19
cve
cve

CVE-2024-1770

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP...

8.8CVSS

9.3AI Score

0.0004EPSS

2024-03-28 02:15 AM
31
cve
cve

CVE-2024-0614

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions....

4.4CVSS

5AI Score

0.0004EPSS

2024-03-13 04:15 PM
17
cve
cve

CVE-2012-4283

Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback...

6AI Score

0.002EPSS

2022-10-03 04:15 PM
18
cve
cve

CVE-2013-2707

Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's...

7.5AI Score

0.001EPSS

2022-10-03 04:15 PM
14
cve
cve

CVE-2018-0576

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.4CVSS

5.4AI Score

0.001EPSS

2018-05-14 01:29 PM
31
cve
cve

CVE-2013-1407

Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4)...

5.8AI Score

0.002EPSS

2014-05-13 02:55 PM
23
cve
cve

CVE-2012-2759

Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to...

6AI Score

0.003EPSS

2012-05-22 04:55 PM
14