Wp Event Manager@* Security Vulnerabilities and Issues — Wp Event Manager@* CVE List

Lucene search

Wp-eventmanagerWp Event Manager*

10 matches found

CVE•added 2022/03/07 9:15 a.m.•70 views

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00206EPSS

CVE•added 2022/07/11 1:15 p.m.•57 views

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.00144EPSS

Web

CVE•added 2023/12/15 3:15 p.m.•50 views

CVE-2023-49181

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Ticket...

5.9CVSS5.8AI score0.00118EPSS

CVE•added 2024/07/16 9:15 a.m.•48 views

CVE-2024-2691

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user ...

6.4CVSS5.5AI score0.00145EPSS

CVE•added 2023/11/13 11:15 p.m.•47 views

CVE-2023-47697

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin

7.1CVSS6AI score0.00096EPSS

CVE•added 2024/03/13 4:15 p.m.•39 views

CVE-2024-0976

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it p...

6.1CVSS6.4AI score0.01488EPSS

CVE•added 2024/02/01 11:15 a.m.•33 views

CVE-2023-52118

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP User Profile Avatar allows Stored XSS.This issue affects WP User Profile Avatar: from n/a through 1.0.

6.5CVSS5.4AI score0.00077EPSS

CVE•added 2023/09/27 3:19 p.m.•30 views

CVE-2023-4423

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.8AI score0.00162EPSS

CVE•added 2025/07/16 6:15 a.m.•9 views

CVE-2025-2800

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This mak...

7.2CVSS5.8AI score0.00116EPSS

CVE•added 2025/07/16 6:15 a.m.•5 views

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it ...

4.8CVSS5.5AI score0.00031EPSS