17 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pixelite Events Manager. Este problema afecta a Events Manager: desde n/a hasta 6.4.7.1. The Events Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4. Vulnerabilidad de autorización faltante en Pixelite Events Manager. Este problema afecta al Events Manager: desde n/a hasta 6.4.6.4. The Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 6.4.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-6-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Pixelite Events Manager permite XSS Reflejado. Este problema afecta a Events Manager: desde n/a hasta 6.4.5. The Events Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection El plugin Events Manager de WordPress versiones anteriores a 5.9.8, no sanea y escapa de un parámetro antes de usarlo en una sentencia SQL, conllevando a una Inyección SQL • https://plugins.trac.wordpress.org/changeset/2336019/events-manager https://wpscan.com/vulnerability/323140b1-66c4-4e7d-85a4-1c922e40866f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues El plugin Events Manager de WordPress versiones anteriores a 5.9.8, no sanea y escapa de algunos parámetros search antes de mostrarlos en las páginas, lo que podría conllevar a problemas de tipo Cross-Site Scripting • https://plugins.trac.wordpress.org/changeset/2336019/events-manager https://wpscan.com/vulnerability/937b9bdb-7e8e-4ea8-82ec-aa5f6bd70619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •