Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wp-events-plugin Subscribe
Filtered by product Events Manager
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9298 1 Wp-events-plugin 1 Events Manager 2023-02-28 7.5 HIGH 9.8 CRITICAL
The events-manager plugin before 5.6 for WordPress has code injection.
CVE-2015-9297 1 Wp-events-plugin 1 Events Manager 2023-02-28 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.6 for WordPress has XSS.
CVE-2020-35037 1 Wp-events-plugin 1 Events Manager 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
CVE-2020-35012 1 Wp-events-plugin 1 Events Manager 2021-12-03 6.5 MEDIUM 7.2 HIGH
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
CVE-2018-0576 1 Wp-events-plugin 1 Events Manager 2020-01-09 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-16523 1 Wp-events-plugin 1 Events Manager 2019-10-18 3.5 LOW 5.4 MEDIUM
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVE-2013-7479 1 Wp-events-plugin 1 Events Manager 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
CVE-2013-7480 1 Wp-events-plugin 1 Events Manager 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
CVE-2013-7478 1 Wp-events-plugin 1 Events Manager 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
CVE-2013-7477 1 Wp-events-plugin 1 Events Manager 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
CVE-2012-6716 1 Wp-events-plugin 1 Events Manager 2019-08-26 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
CVE-2018-13137 1 Wp-events-plugin 1 Events Manager 2019-08-23 3.5 LOW 4.8 MEDIUM
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2015-9300 1 Wp-events-plugin 1 Events Manager 2019-08-15 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
CVE-2015-9299 1 Wp-events-plugin 1 Events Manager 2019-08-15 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.