
CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS. This issue affects Events Manager: from n/a through 6.4.5. The Events Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 6.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection. • https://plugins.trac.wordpress.org/changeset/2336019/events-manager https://wpscan.com/vulnerability/323140b1-66c4-4e7d-85a4-1c922e40866f • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues. • https://plugins.trac.wordpress.org/changeset/2336019/events-manager https://wpscan.com/vulnerability/937b9bdb-7e8e-4ea8-82ec-aa5f6bd70619 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin. • http://www.openwall.com/lists/oss-security/2019/10/16/4 https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9916 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. • https://ansawaf.blogspot.com/2019/04/cve-2018-13137-xss-in-events-manager.html https://gist.github.com/ansarisec/12737c207c0851d52865ed60c08891b7 https://wordpress.org/plugins/events-manager/#developers https://wpvulndb.com/vulnerabilities/9612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')