
CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.

References:
• http://www.openwall.com/lists/oss-security/2019/10/16/4
• https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager
• https://wordpress.org/plugins/events-manager/#developers
• https://wpvulndb.com/vulnerabilities/9916

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.

References:
• https://ansawaf.blogspot.com/2019/04/cve-2018-13137-xss-in-events-manager.html
• https://gist.github.com/ansarisec/12737c207c0851d52865ed60c08891b7
• https://wordpress.org/plugins/events-manager/#developers
• https://wpvulndb.com/vulnerabilities/9612

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
• http://jvn.jp/en/jp/JVN85531148/index.html
• https://wordpress.org/plugins/events-manager/#developers
• https://wpvulndb.com/vulnerabilities/9609

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.

References:
• http://wp-events-plugin.com/blog/2018/01/15/events-manager-5-8-1-2-security-release
• https://wordpress.org/plugins/events-manager/#developers
• https://www.gubello.me/blog/events-manager-authenticated-stored-xss
• https://www.youtube.com/watch?v=40d7uXl36O4

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

The events-manager plugin before 5.6 for WordPress has code injection. The Events Manager plugin for WordPress is vulnerable to Code Injection in versions up to, and including, 5.5.7.1. This makes it possible for attackers to inject code onto the server and potentially execute it.

References:
• https://wordpress.org/plugins/events-manager/#developers
• https://wpvulndb.com/vulnerabilities/9761

CWE-94: Improper Control of Generation of Code ('Code Injection')