10 matches found
CVE-2021-24810
The CVE-2021-24810 vulnerability affects the WP Event Manager WordPress plugin prior to version 3.1.23. The issue is that certain Field Editor settings are not properly escaped when output, enabling stored Cross-Site Scripting (XSS) by high-privilege users (admin+). This is triggered via the Fiel...
CVE-2022-1474
The CVE-2022-1474 entry concerns the WordPress WP Event Manager plugin prior to version 3.1.28, where the search input shown in the event dashboard is not properly sanitized/escaped before being echoed in an attribute, allowing Reflected Cross-Site Scripting. Public records in connected documents...
CVE-2023-49181
CVE-2023-49181 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is an Improp er Neutralization of Input During Web Page Generation leading to a Stored XSS . Affected versions are listed as up to and including 3.1.40 ...
CVE-2023-47697
CVE-2023-47697 concerns an unauthenticated reflected Cross-Site Scripting (XSS) in the WordPress WP Event Manager plugin (Events Calendar, Registrations, Sell Tickets with WooCommerce). Public sources consistently identify the vulnerable lineage as WP Event Manager plugin versions up to 3.1.39 (s...
CVE-2024-2691
CVE-2024-2691 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . All versions up to and including 3.1.43 are vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s 'events' shortcode due to insufficient input sanitization and ...
CVE-2024-0976
The CVE concerns WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress) up to version 3.1.41, which is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping in a plugin parameter. Unauthenticated attackers cou...
CVE-2023-52118
CVE-2023-52118 affects the WP User Profile Avatar plugin for WordPress. Description: Improper neutralization of input during web page generation enables Stored XSS in WP User Profile Avatar versions n/a through 1.0. Root cause: inadequate input sanitization during rendering. Impact: stored script...
CVE-2023-4423
CVE-2023-4423 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is a stored cross-site scripting (XSS) issue in admin settings present up to version 3.1.37.1, caused by insufficient input sanitization and output escap...
CVE-2025-2800
CVE-2025-2800 affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress). The vulnerability is an unauthenticated stored cross-site scripting flaw via the organizer_name parameter in all versions up to and including 3.1.50. Public sources in connected doc...
CVE-2025-2799
CVE-2025-2799 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (versions up to 3.1.49). The vulnerability is a Stored Cross‑Site Scripting via the tag-name parameter, caused by insufficient input sanitization and output escaping. Exploi...