Back
WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability
- Product
- Events Manager
- Description
- Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin (versions <=5.8.1.1).
- Solution
- Update the WordPress Events Manager plugin to the latest version (at least 5.8.1.2).
- Classification
-
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- References
-
Plugin changelog
- CVE
- Name CVE-2018-9020
- Versions
-
Affected In
<=5.8.1.1
Fixed In 5.8.1.2
- Disclosure date
- 2018-03-28
- Submitter
- ThreatPress