CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0576 – Events Manager <= 5.8.1.3 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0576
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en el plugin Events Manager, en versiones anteriores a la 5.9 para WordPress, permite que los atacantes remotos inyecten scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN85531148/index.html https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9298 – Events Manager <= 5.5.7.1 - Code Injection
https://notcve.org/view.php?id=CVE-2015-9298
The events-manager plugin before 5.6 for WordPress has code injection. El complemento events-manager anterior a 5.6 para WordPress tiene inyección de código. The Events Manager plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 5.5.7.1. This makes it possible for attackers to inject code onto the server and potentially execute it. • https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9761 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9297 – Events Manager <= 5.5.7.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9297
The events-manager plugin before 5.6 for WordPress has XSS. El complemento events-manager anterior a 5.6 para WordPress tiene XSS. • https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9761 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9299 – Events Manager < 5.5.7.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9299
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. El complemento events-manager anterior a 5.5.7.1 para WordPress tiene DOM XSS. The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS via the dbem_event_reapproved_email_body parameter. • https://wordpress.org/plugins/events-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9300 – Events Manager < 5.5.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9300
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. El complemento events-manager anterior a 5.5.7 para WordPress tiene múltiples problemas de XSS. • https://wordpress.org/plugins/events-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •