Vulnerabilities > WP Eventmanager > WP Event Manager > 3.1.29

DATE CVE VULNERABILITY TITLE RISK
2024-07-16 CVE-2024-2691 Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
wp-eventmanager CWE-79
5.4
5.4
2023-12-15 CVE-2023-49181 Unspecified vulnerability in Wp-Eventmanager WP Event Manager
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce: from n/a through 3.1.40.
network
low complexity
wp-eventmanager
5.4
5.4
2023-11-13 CVE-2023-47697 Unspecified vulnerability in Wp-Eventmanager WP Event Manager
Unauth.
network
low complexity
wp-eventmanager
6.1
6.1
2023-09-27 CVE-2023-4423 Unspecified vulnerability in Wp-Eventmanager WP Event Manager
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping.
network
low complexity
wp-eventmanager
4.8
4.8