Vulnerabilities > Pixelite > Events Manager > 5.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-21 | CVE-2024-11260 | SQL Injection vulnerability in Pixelite Events Manager The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2024-06-12 | CVE-2024-3492 | Cross-site Scripting vulnerability in Pixelite Events Manager The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-06-09 | CVE-2024-30515 | Unspecified vulnerability in Pixelite Events Manager Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4. | 8.8 |
| 2024-03-28 | CVE-2024-2111 | Cross-site Scripting vulnerability in Pixelite Events Manager The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-03-13 | CVE-2024-0614 | Cross-site Scripting vulnerability in Pixelite Events Manager The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-11-30 | CVE-2023-48326 | Unspecified vulnerability in Pixelite Events Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5. | 6.1 |