Lucene search
K
PixeliteEvents Manager

26 matches found

CVE
CVE
added 2025/02/21 5:22 a.m.100 views

CVE-2024-11260

CVE-2024-11260 affects the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! The Wordfence summary confirms a time-based SQL Injection via the active_status parameter in all versions up to 6.6.3, caused by insufficient escaping and incomplete query preparation, enabling una...

7.5CVSS7.7AI score0.00553EPSS
CVE
CVE
added 2019/10/16 2:2 p.m.87 views

CVE-2019-16523

The CVE refers to the WordPress Events Manager plugin (up to v5.9.5) being vulnerable to Stored XSS via improper encoding/insertion of data provided to the map_style attribute of the locations_map and events_map shortcodes. Root cause: insufficient encoding of user-controlled input embedded into ...

5.4CVSS5.3AI score0.01238EPSS
CVE
CVE
added 2023/11/30 11:15 a.m.87 views

CVE-2023-48326

CVE-2023-48326 affects the WordPress Events Manager plugin (vulnerable:

7.1CVSS7AI score0.00403EPSS
CVE
CVE
added 2024/03/28 2:4 a.m.80 views

CVE-2024-2111

CVE-2024-2111 affects the WordPress plugin Events Manager (Calendar, Bookings, Tickets, etc.). The Red Hat and CVE records confirm a Stored Cross-Site Scripting vulnerability via the physical location value in all versions up to 6.4.7.1, caused by insufficient input sanitization and output escapi...

6.4CVSS7.5AI score0.0034EPSS
CVE
CVE
added 2025/07/09 10:22 p.m.74 views

CVE-2025-6970

Summary: CVE-2025-6970 affects the WordPress plugin “Events Manager” (<= 7.0.3). The vulnerability is a time-based SQL Injection via the orderby parameter caused by insufficient escaping and inadequate query preparation. This allows unauthenticated attackers to append arbitrary SQL to existing...

7.5CVSS7.2AI score0.55683EPSS
Web
CVE
CVE
added 2019/08/13 4:42 p.m.69 views

CVE-2015-9298

The CVE-2015-9298 entry concerns the WordPress events-manager plugin, specifically versions prior to 5.6, which is affected by code injection. Multiple sources (NVD entry and repeat citations across Red Hat, CNVD, CVE lists, and WPVulnDB/PT Security) confirm the issue as a code injection flaw in ...

9.8CVSS9.7AI score0.021EPSS
CVE
CVE
added 2024/06/09 11:0 a.m.68 views

CVE-2024-30515

CVE-2024-30515 is a Missing Authorization vulnerability in the WordPress plugin Pixelite Events Manager (Events Manager) affecting version range n/a–6.4.6.4. Multiple connected sources describe it as a Broken Access Control / Missing Authorization issue, with CVSSv3.1 base score 8.8 (HIGH) from N...

8.8CVSS5AI score0.00323EPSS
CVE
CVE
added 2024/03/28 2:4 a.m.67 views

CVE-2024-2110

The CVE-2024-2110 issue affects the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! The Red Hat and Wordfence references confirm a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to 6.4.7.1 due to missing/incorrect nonce validation on multiple actions. ...

4.3CVSS8.9AI score0.00215EPSS
CVE
CVE
added 2019/08/13 4:43 p.m.66 views

CVE-2015-9297

The CVE-2015-9297 entry refers to the WordPress Events Manager plugin, affected up to versions earlier than 5.6, which contains an XSS vulnerability in the plugin. The connected Red Hat and CNVD/CVE records corroborate an XSS issue in this plugin. The NVD metrics (CVSS v3.1 base score 6.1 MEDIUM;...

6.1CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2024/06/29 4:33 a.m.64 views

CVE-2024-5889

CVE-2024-5889 affects the WordPress plugin Events Manager (Calendar, Bookings, Tickets, etc.) and is a Reflected Cross-Site Scripting vulnerability exploitable via the country parameter in all versions up to 6.4.8. Root cause is insufficient input sanitization and output escaping, allowing unauth...

6.1CVSS6.2AI score0.0031EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.61 views

CVE-2024-0614

CVE-2024-0614 affects the WordPress plugin “Events Manager” (Calendar, Bookings, Tickets, and more!). It enables stored cross-site scripting via admin settings in all versions up to and including 6.4.6.4 due to insufficient input sanitization and output escaping. Exploitation requires authenticat...

4.8CVSS5AI score0.00685EPSS
CVE
CVE
added 2019/04/12 5:52 p.m.60 views

CVE-2018-13137

The CVE-2018-13137 entry affects the WordPress Events Manager plugin, version 5.9.4, with a cross-site scripting (XSS) flaw in the dbem_event_reapproved_email_body parameter used in the wp-admin/edit.php?post_type=event&page=events-manager-options URI. Public sources describe this as an XSS vulne...

4.8CVSS4.9AI score0.01209EPSS
Web
CVE
CVE
added 2024/06/12 11:5 a.m.60 views

CVE-2024-3492

CVE-2024-3492 – The WordPress plugin Events Manager (versions ≤ 6.4.7.3) is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes: event , location , and event_category . The root cause is insufficient input sanitization and output escaping on user-supplied shortcode attributes, a...

6.4CVSS5.9AI score0.00291EPSS
CVE
CVE
added 2018/05/14 1:0 p.m.59 views

CVE-2018-0576

The CVE-2018-0576 issue concerns the WordPress plugin Events Manager (prior to version 5.9). The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary script or HTML via unspecified vectors, potentially executing in a logged-in user’s browser. Af...

5.4CVSS5.4AI score0.01517EPSS
CVE
CVE
added 2019/08/22 12:25 p.m.52 views

CVE-2013-7477

The CVE-2013-7477 entry concerns the WordPress Events Manager plugin, with an XSS flaw in the booking form present in versions prior to 5.5.2. Affected software: events-manager plugin for WordPress; vulnerable component: booking form input handling. Root cause per sources is an XSS vulnerability,...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2019/08/13 4:42 p.m.51 views

CVE-2015-9299

CVE-2015-9299 is a DOM XSS vulnerability in the WordPress Events Manager plugin prior to 5.5.7.1. The root cause is DOM-based XSS in the events-manager component, leading to potential client-side code execution with low integrity impact and no confidentiality/availability impact according to CVSS...

6.1CVSS6.4AI score0.00923EPSS
CVE
CVE
added 2019/08/13 4:41 p.m.51 views

CVE-2015-9300

The CVE-2015-9300 entry concerns the WordPress Events Manager plugin, specifically versions prior to 5.5.7. Multiple cross-site scripting (XSS) issues are reported in this plugin, affecting the plugin’s handling of user-supplied data and potentially enabling client-side code execution. Public ref...

6.1CVSS6.1AI score0.00923EPSS
CVE
CVE
added 2019/08/22 12:28 p.m.50 views

CVE-2012-6716

The CVE-2012-6716 entry relates to the WordPress Events Manager plugin prior to 5.1.7, which has a cross-site scripting (XSS) vulnerability via JSON call links. Connected sources confirm the affected software and version (pre-5.1.7) and describe the payload as client-side script injection through...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2019/08/22 12:27 p.m.50 views

CVE-2013-7479

The events-manager plugin for WordPress (pre-5.3.9) contains an XSS flaw in the search form field. Affected versions are prior to 5.3.9; exploitation could enable client-side code execution via the search input. Root cause: unescaped input in the search field leading to script injection. Mitigati...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2019/08/22 12:26 p.m.49 views

CVE-2013-7478

The CVE-2013-7478 entry concerns the WordPress events-manager plugin (versions prior to 5.5). It describes a stored/reflected XSS vulnerability in the EM_Ticket::get_post function, enabling client-side script execution. Affected product/component: events-manager WordPress plugin; root cause: XSS ...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2019/08/22 12:28 p.m.46 views

CVE-2013-7480

CVE-2013-7480 concerns the WordPress Events Manager plugin prior to version 5.3.6.1, where an XSS flaw exists via the booking form and admin areas. The Red Hat, CNVD, CVE records and WPVulnDB entries consistently describe the issue as a cross-site scripting vulnerability that can affect the plugi...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2021/12/01 10:50 p.m.43 views

CVE-2020-35012

The CVE concerns the Events Manager WordPress plugin (versions before 5.9.8). The root cause is failure to sanitise and escape a parameter before using it in an SQL statement, resulting in an SQL Injection. The vulnerability affects the plugin’s handling of input within SQL queries, with potentia...

7.2CVSS7.2AI score0.01484EPSS
CVE
CVE
added 2021/12/01 10:50 p.m.42 views

CVE-2020-35037

Summary: CVE-2020-35037 affects the Events Manager WordPress plugin prior to 5.9.8. The vulnerability arises because certain search parameters are not sanitized/escaped before being output on pages, enabling cross-site scripting (XSS). Impact: potential client-side code execution via crafted sear...

6.1CVSS6AI score0.00876EPSS
CVE
CVE
added 2018/03/26 2:0 a.m.41 views

CVE-2018-9020

The CVE-2018-9020 entry concerns the WordPress Events Manager plugin (pre-5.8.1.2). Concrete detail: an XSS vulnerability arises via the events-manager.js mapTitle parameter in the Google Maps miniature, due to lack of proper escaping. This affects the Events Manager plugin for WordPress; exploit...

5.4CVSS5.2AI score0.01058EPSS
CVE
CVE
added 2025/07/09 10:22 p.m.40 views

CVE-2025-6975

CVE-2025-6975 concerns the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! Affected versions up to 7.0.3 are vulnerable to Reflected Cross‑Site Scripting via the calendar_header parameter due to insufficient input sanitization and output escaping. Exploitation requires no...

6.1CVSS6.1AI score0.00251EPSS
CVE
CVE
added 2025/07/09 10:22 p.m.32 views

CVE-2025-6976

CVE-2025-6976 affects the WordPress plugin Events Manager (versions up to 7.0.3, with citations indicating a fix in 7.0.4+). The issue is Stored Cross-Site Scripting via shortcode attributes caused by insufficient input sanitization and output escaping, enabling authenticated attackers with contr...

6.4CVSS5.5AI score0.00224EPSS