CVE-2025-6970 — CVSS 7.5 (high): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the…
CVE-2024-11260 — CVSS 7.5 (high): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the…
CVE-2020-35012 — CVSS 7.2 (high): The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an…
CVE-2023-48326 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allows…
CVE-2025-6976 — CVSS 6.4 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2024-2111 — CVSS 6.4 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2024-3492 — CVSS 6.4 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2025-6975 — CVSS 6.1 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…
CVE-2024-5889 — CVSS 6.1 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…
CVE-2013-7480 — CVSS 6.1 (medium): The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
CVE-2020-35037 — CVSS 6.1 (medium): The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which…
CVE-2019-16523 — CVSS 5.4 (medium): The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and…
CVE-2018-9020 — CVSS 5.4 (medium): The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.
CVE-2018-0576 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary…
CVE-2018-13137 — CVSS 4.8 (medium): The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=…
CVE-2024-0614 — CVSS 4.4 (medium): The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and…
CVE-2024-2110 — CVSS 4.3 (medium): The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all…
CVE-2024-30515 — CVSS 4.3 (medium): Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.