Lucene search
+L
Wp-eventmanagerWp Event Manager*

7 matches found

CVE
CVE
added 2022/03/07 8:16 a.m.79 views

CVE-2021-24810

The CVE-2021-24810 vulnerability affects the WP Event Manager WordPress plugin prior to version 3.1.23. The issue is that certain Field Editor settings are not properly escaped when output, enabling stored Cross-Site Scripting (XSS) by high-privilege users (admin+). This is triggered via the Fiel...

4.8CVSS4.7AI score0.00588EPSS
CVE
CVE
added 2022/07/11 12:55 p.m.71 views

CVE-2022-1474

The CVE-2022-1474 entry concerns the WordPress WP Event Manager plugin prior to version 3.1.28, where the search input shown in the event dashboard is not properly sanitized/escaped before being echoed in an attribute, allowing Reflected Cross-Site Scripting. Public records in connected documents...

6.1CVSS6AI score0.00796EPSS
Web
CVE
CVE
added 2024/07/16 8:32 a.m.61 views

CVE-2024-2691

CVE-2024-2691 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . All versions up to and including 3.1.43 are vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s 'events' shortcode due to insufficient input sanitization and ...

6.4CVSS5.5AI score0.00316EPSS
CVE
CVE
added 2024/03/13 3:26 p.m.52 views

CVE-2024-0976

The CVE concerns WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress) up to version 3.1.41, which is vulnerable to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping in a plugin parameter. Unauthenticated attackers cou...

6.1CVSS6.4AI score0.00592EPSS
CVE
CVE
added 2023/09/27 3:3 a.m.41 views

CVE-2023-4423

CVE-2023-4423 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce . The vulnerability is a stored cross-site scripting (XSS) issue in admin settings present up to version 3.1.37.1, caused by insufficient input sanitization and output escap...

4.8CVSS4.8AI score0.0051EPSS
CVE
CVE
added 2025/07/16 5:23 a.m.34 views

CVE-2025-2800

CVE-2025-2800 affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (WordPress). The vulnerability is an unauthenticated stored cross-site scripting flaw via the organizer_name parameter in all versions up to and including 3.1.50. Public sources in connected doc...

7.2CVSS5.8AI score0.00262EPSS
CVE
CVE
added 2025/07/16 5:23 a.m.26 views

CVE-2025-2799

CVE-2025-2799 affects the WordPress plugin WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (versions up to 3.1.49). The vulnerability is a Stored Cross‑Site Scripting via the tag-name parameter, caused by insufficient input sanitization and output escaping. Exploi...

4.8CVSS5.5AI score0.00205EPSS