The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....
4.3CVSS
8.9AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
7.5AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.0004EPSS
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP...
8.8CVSS
9.3AI Score
0.0004EPSS
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions....
4.4CVSS
5AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback...
6AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in the Login With Ajax plugin before 3.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that modify this plugin's...
7.5AI Score
0.001EPSS
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.4CVSS
5.4AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4)...
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to...
6AI Score
0.003EPSS