ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Product
Events Manager
Description
Unauthenticated Stored XSS vulnerability found in WordPress Events Manager plugin (versions <=5.8.1.1).
Solution
Update the WordPress Events Manager plugin to the latest version (at least 5.8.1.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-9020
Versions
Affected In <=5.8.1.1
Fixed In 5.8.1.2
Disclosure date
2018-03-28
Submitter
ThreatPress