CVE-2024-50532 – Events Manager Pro – extended <= 0.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-50532
The Events Manager Pro – extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-30421 – WordPress Events Manager plugin <= 6.4.7.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30421
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1. The Events Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-30515 – WordPress Events Manager plugin <= 6.4.6.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30515
Missing Authorization vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.6.4. The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-6-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2018-9020 – Events Manager <= 5.8.1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9020
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature. • http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release https://wordpress.org/plugins/events-manager/#developers https://www.gubello.me/blog/events-manager-authenticated-stored-xss https://www.youtube.com/watch?v=40d7uXl36O4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')