7 matches found
CVE-2021-24810
The CVE-2021-24810 vulnerability affects the WP Event Manager WordPress plugin prior to version 3.1.23. The issue is that certain Field Editor settings are not properly escaped when output, enabling stored Cross-Site Scripting (XSS) by high-privilege users (admin+). This is triggered via the Fiel...
CVE-2022-1474
The CVE-2022-1474 entry concerns the WordPress WP Event Manager plugin prior to version 3.1.28, where the search input shown in the event dashboard is not properly sanitized/escaped before being echoed in an attribute, allowing Reflected Cross-Site Scripting. Public records in connected documents...
CVE-2024-2691
CVE-2024-2691 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . All versions up to and including 3.1.43 are vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s 'events' shortcode due to insufficient input sanitization and ...
CVE-2024-0976
The CVE concerns WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress) up to version 3.1.41, which is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping in a plugin parameter. Unauthenticated attackers cou...
CVE-2023-4423
CVE-2023-4423 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is a stored cross-site scripting (XSS) issue in admin settings present up to version 3.1.37.1, caused by insufficient input sanitization and output escap...
CVE-2025-2800
CVE-2025-2800 affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress). The vulnerability is an unauthenticated stored cross-site scripting flaw via the organizer_name parameter in all versions up to and including 3.1.50. Public sources in connected doc...
CVE-2025-2799
CVE-2025-2799 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (versions up to 3.1.49). The vulnerability is a Stored Cross‑Site Scripting via the tag-name parameter, caused by insufficient input sanitization and output escaping. Exploi...