
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Aug 2022 — The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. • https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Dec 2021 — The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape several of its settings, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://plugins.trac.wordpress.org/changeset/2647987 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')