Wp Event Manager@* Security Vulnerabilities and Issues — Wp Event Manager@* CVE List

Lucene search

Wp-eventmanagerWp Event Manager*

7 matches found

CVE•added 2022/03/07 9:15 a.m.•70 views

CVE-2021-24810

The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8CVSS4.7AI score0.00206EPSS

CVE•added 2022/07/11 1:15 p.m.•57 views

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

6.1CVSS6AI score0.00218EPSS

Web

CVE•added 2024/07/16 9:15 a.m.•49 views

CVE-2024-2691

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user ...

6.4CVSS5.5AI score0.00145EPSS

CVE•added 2024/03/13 4:15 p.m.•39 views

CVE-2024-0976

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it p...

6.1CVSS6.4AI score0.01488EPSS

CVE•added 2023/09/27 3:19 p.m.•30 views

CVE-2023-4423

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for...

4.8CVSS4.8AI score0.00317EPSS

CVE•added 2025/07/16 6:15 a.m.•10 views

CVE-2025-2800

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This mak...

7.2CVSS5.8AI score0.00134EPSS

CVE•added 2025/07/16 6:15 a.m.•6 views

CVE-2025-2799

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it ...

4.8CVSS5.5AI score0.00036EPSS