Vulnerabilities > WP Events Plugin
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-48326 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5. | 6.1 |
| 2021-12-01 | CVE-2020-35012 | SQL Injection vulnerability in Wp-Events-Plugin Events Manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection | 6.5 |
| 2021-12-01 | CVE-2020-35037 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues | 4.3 |
| 2019-10-16 | CVE-2019-16523 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin. | 3.5 |
| 2019-08-22 | CVE-2013-7480 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | 4.3 |
| 2019-08-22 | CVE-2013-7479 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | 4.3 |
| 2019-08-22 | CVE-2013-7478 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | 4.3 |
| 2019-08-22 | CVE-2013-7477 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | 4.3 |
| 2019-08-22 | CVE-2012-6716 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | 4.3 |
| 2019-08-13 | CVE-2015-9300 | Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | 4.3 |