Pixelite Events Manager vulnerabilities
27 known vulnerabilities affecting pixelite/events_manager.
Total CVEs: 27
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 22
Vulnerabilities
Page 2 of 2
CVE-2024-2111 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 6.4.7.2 | 2024-03-28
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permis
nvd
CVE-2024-3492 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 6.4.8 | 2024-06-12
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f
nvd
CVE-2025-6975 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 6.6.5 | ≥ 7.0.1, < 7.0.4 | 2025-07-09
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts
nvd
CVE-2018-13137 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v5.9.4 | 2019-04-12
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
nvd
CVE-2024-0614 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 6.4.7 | 2024-03-13
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages tha
nvd
CVE-2024-2110 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 6.4.7.2 | 2024-03-28
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted
nvd
CVE-2024-30421 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | ≥ n/a, ≤ 6.4.7.1 | 2024-03-28
Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1.
nvd