Pixelite: >> Events Manager >> 2.0 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows Reflected XSS.This issue affects Events Manager: from n/a through 6.4.5.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-30
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection
CVSS Score
7.2
EPSS Score
0.008
Published
2021-12-01
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-01
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-10-16
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-13