Wp Event Manager Security Vulnerabilities and Issues — Wp Event Manager CVE List

Lucene search

Wp-eventmanagerWp Event Manager

10 matches found

CVE•added 2022/03/07 9:15 a.m.•69 views

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00195EPSS

CVE•added 2022/07/11 1:15 p.m.•56 views

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.00124EPSS

CVE•added 2023/12/15 3:15 p.m.•49 views

CVE-2023-49181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Ticket...

5.9CVSS5.8AI score0.00118EPSS

CVE•added 2024/07/16 9:15 a.m.•47 views

CVE-2024-2691

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user ...

6.4CVSS5.5AI score0.00064EPSS

CVE•added 2023/11/13 11:15 p.m.•46 views

CVE-2023-47697

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin

7.1CVSS6AI score0.00096EPSS

CVE•added 2024/03/13 4:15 p.m.•38 views

CVE-2024-0976

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it p...

6.1CVSS6.4AI score0.011EPSS

CVE•added 2024/02/01 11:15 a.m.•32 views

CVE-2023-52118

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.This issue affects WP User Profile Avatar: from n/a through 1.0.

6.5CVSS5.4AI score0.00077EPSS

CVE•added 2023/09/27 3:19 p.m.•29 views

CVE-2023-4423

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.8AI score0.00162EPSS

CVE•added 2025/07/16 6:15 a.m.•7 views

CVE-2025-2800

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This mak...

7.2CVSS5.8AI score0.0008EPSS

CVE•added 2025/07/16 6:15 a.m.•4 views

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it ...

4.8CVSS5.5AI score0.00029EPSS