Search criteria
4 vulnerabilities found for WP Event Manager – Easily Build your Calendar of Events! by Unknown
CVE-2022-1474 (GCVE-0-2022-1474)
Vulnerability from cvelistv5 – Published: 2022-07-11 12:55 – Updated: 2024-08-03 00:03
VLAI?
Title
WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting
Summary
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Event Manager – Easily Build your Calendar of Events! |
Affected:
3.1.28 , < 3.1.28
(custom)
|
Credits
Utkarsh Agrawal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.28",
"status": "affected",
"version": "3.1.28",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Utkarsh Agrawal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:55:45",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Event Manager \u003c 3.1.28 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1474",
"STATE": "PUBLIC",
"TITLE": "WP Event Manager \u003c 3.1.28 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1.28",
"version_value": "3.1.28"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Utkarsh Agrawal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1474",
"datePublished": "2022-07-11T12:55:45",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24810 (GCVE-0-2021-24810)
Vulnerability from cvelistv5 – Published: 2022-03-07 08:16 – Updated: 2024-08-03 19:42
VLAI?
Title
WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting
Summary
The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Event Manager – Easily Build your Calendar of Events! |
Affected:
3.1.23 , < 3.1.23
(custom)
|
Credits
Huy Nguyen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.23",
"status": "affected",
"version": "3.1.23",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Huy Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:16:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Event Manager \u003c 3.1.23 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24810",
"STATE": "PUBLIC",
"TITLE": "WP Event Manager \u003c 3.1.23 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1.23",
"version_value": "3.1.23"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Huy Nguyen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24810",
"datePublished": "2022-03-07T08:16:00",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1474 (GCVE-0-2022-1474)
Vulnerability from nvd – Published: 2022-07-11 12:55 – Updated: 2024-08-03 00:03
VLAI?
Title
WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting
Summary
The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Event Manager – Easily Build your Calendar of Events! |
Affected:
3.1.28 , < 3.1.28
(custom)
|
Credits
Utkarsh Agrawal
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.28",
"status": "affected",
"version": "3.1.28",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Utkarsh Agrawal"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T12:55:45",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Event Manager \u003c 3.1.28 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1474",
"STATE": "PUBLIC",
"TITLE": "WP Event Manager \u003c 3.1.28 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1.28",
"version_value": "3.1.28"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Utkarsh Agrawal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1474",
"datePublished": "2022-07-11T12:55:45",
"dateReserved": "2022-04-26T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24810 (GCVE-0-2021-24810)
Vulnerability from nvd – Published: 2022-03-07 08:16 – Updated: 2024-08-03 19:42
VLAI?
Title
WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting
Summary
The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Event Manager – Easily Build your Calendar of Events! |
Affected:
3.1.23 , < 3.1.23
(custom)
|
Credits
Huy Nguyen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.1.23",
"status": "affected",
"version": "3.1.23",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Huy Nguyen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:16:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Event Manager \u003c 3.1.23 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24810",
"STATE": "PUBLIC",
"TITLE": "WP Event Manager \u003c 3.1.23 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Event Manager \u2013 Easily Build your Calendar of Events!",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1.23",
"version_value": "3.1.23"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Huy Nguyen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/94670822-0251-4e77-8d7f-b47aa7232e52"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24810",
"datePublished": "2022-03-07T08:16:00",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}