Lucene search
K
Wp-eventmanagerWp Event Manager

10 matches found

CVE
CVE
added 2022/03/07 8:16 a.m.79 views

CVE-2021-24810

The CVE-2021-24810 vulnerability affects the WP Event Manager WordPress plugin prior to version 3.1.23. The issue is that certain Field Editor settings are not properly escaped when output, enabling stored Cross-Site Scripting (XSS) by high-privilege users (admin+). This is triggered via the Fiel...

4.8CVSS4.7AI score0.00588EPSS
CVE
CVE
added 2022/07/11 12:55 p.m.70 views

CVE-2022-1474

The CVE-2022-1474 entry concerns the WordPress WP Event Manager plugin prior to version 3.1.28, where the search input shown in the event dashboard is not properly sanitized/escaped before being echoed in an attribute, allowing Reflected Cross-Site Scripting. Public records in connected documents...

6.1CVSS6AI score0.00712EPSS
Web
CVE
CVE
added 2023/12/15 2:49 p.m.60 views

CVE-2023-49181

CVE-2023-49181 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is an Improp er Neutralization of Input During Web Page Generation leading to a Stored XSS . Affected versions are listed as up to and including 3.1.40 ...

5.9CVSS6.7AI score0.00382EPSS
CVE
CVE
added 2023/11/13 10:28 p.m.59 views

CVE-2023-47697

CVE-2023-47697 concerns an unauthenticated reflected Cross-Site Scripting (XSS) in the WordPress WP Event Manager plugin (Events Calendar, Registrations, Sell Tickets with WooCommerce). Public sources consistently identify the vulnerable lineage as WP Event Manager plugin versions up to 3.1.39 (s...

7.1CVSS6AI score0.00437EPSS
CVE
CVE
added 2024/07/16 8:32 a.m.59 views

CVE-2024-2691

CVE-2024-2691 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . All versions up to and including 3.1.43 are vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s 'events' shortcode due to insufficient input sanitization and ...

6.4CVSS5.5AI score0.00316EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.50 views

CVE-2024-0976

The CVE concerns WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress) up to version 3.1.41, which is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping in a plugin parameter. Unauthenticated attackers cou...

6.1CVSS6.4AI score0.00592EPSS
CVE
CVE
added 2024/02/01 10:8 a.m.46 views

CVE-2023-52118

CVE-2023-52118 affects the WP User Profile Avatar plugin for WordPress. Description: Improper neutralization of input during web page generation enables Stored XSS in WP User Profile Avatar versions n/a through 1.0. Root cause: inadequate input sanitization during rendering. Impact: stored script...

6.5CVSS6.7AI score0.00328EPSS
CVE
CVE
added 2023/09/27 3:3 a.m.39 views

CVE-2023-4423

CVE-2023-4423 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is a stored cross-site scripting (XSS) issue in admin settings present up to version 3.1.37.1, caused by insufficient input sanitization and output escap...

4.8CVSS4.8AI score0.0051EPSS
CVE
CVE
added 2025/07/16 5:23 a.m.29 views

CVE-2025-2800

CVE-2025-2800 affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress). The vulnerability is an unauthenticated stored cross-site scripting flaw via the organizer_name parameter in all versions up to and including 3.1.50. Public sources in connected doc...

7.2CVSS5.8AI score0.00262EPSS
CVE
CVE
added 2025/07/16 5:23 a.m.25 views

CVE-2025-2799

CVE-2025-2799 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (versions up to 3.1.49). The vulnerability is a Stored Cross‑Site Scripting via the tag-name parameter, caused by insufficient input sanitization and output escaping. Exploi...

4.8CVSS5.5AI score0.00205EPSS