Lucene search

K
Wp-eventmanagerWp Event Manager*

7 matches found

CVE
CVE
added 2022/03/07 9:15 a.m.70 views

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00206EPSS
CVE
CVE
added 2022/07/11 1:15 p.m.57 views

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.00218EPSS
Web
CVE
CVE
added 2024/07/16 9:15 a.m.49 views

CVE-2024-2691

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user ...

6.4CVSS5.5AI score0.00145EPSS
CVE
CVE
added 2024/03/13 4:15 p.m.39 views

CVE-2024-0976

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it p...

6.1CVSS6.4AI score0.01488EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.30 views

CVE-2023-4423

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.8AI score0.00317EPSS
CVE
CVE
added 2025/07/16 6:15 a.m.10 views

CVE-2025-2800

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This mak...

7.2CVSS5.8AI score0.00134EPSS
CVE
CVE
added 2025/07/16 6:15 a.m.6 views

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it ...

4.8CVSS5.5AI score0.00036EPSS