RSS   Vulnerabilities for 'Events manager'   RSS

2021-12-01
 
CVE-2020-35012

CWE-89
 

 
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection

 
 
CVE-2020-35037

CWE-79
 

 
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues

 
2019-08-22
 
CVE-2013-7480

CWE-79
 

 
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.

 
 
CVE-2013-7479

CWE-79
 

 
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.

 
 
CVE-2013-7478

CWE-79
 

 
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.

 
 
CVE-2013-7477

CWE-79
 

 
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.

 
 
CVE-2012-6716

CWE-79
 

 
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.

 
2019-08-13
 
CVE-2015-9300

CWE-79
 

 
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.

 
 
CVE-2015-9299

CWE-79
 

 
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.

 
 
CVE-2015-9298

CWE-94
 

 
The events-manager plugin before 5.6 for WordPress has code injection.

 


Copyright 2024, cxsecurity.com

 

Back to Top