Fullworksplugins Quick Event Manager vulnerabilities
4 known vulnerabilities affecting fullworksplugins/quick_event_manager.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2023-23491P3MEDIUMCVSS 6.1PoCfixed in 9.7.52023-01-20
CVE-2023-23491 [MEDIUM] CWE-79 CVE-2023-23491: The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scr
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.
nvd
CVE-2023-23979P4MEDIUMCVSS 6.1fixed in 9.7.52023-04-06
CVE-2023-23979 [MEDIUM] CWE-79 CVE-2023-23979: Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.
nvd
CVE-2023-23974P4MEDIUMCVSS 5.4fixed in 9.7.52023-03-01
CVE-2023-23974 [MEDIUM] CWE-352 CVE-2023-23974: Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 aff
Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).
nvd
CVE-2022-46863P4MEDIUMCVSS 4.8fixed in 9.6.52023-03-28
CVE-2022-46863 [MEDIUM] CWE-79 CVE-2022-46863: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plug
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.
nvd