ThreatPress

WordPress Vulnerability Database

Back

WordPress Events Manager plugin <= 5.9.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
Events Manager
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Nguyen Van Khanh in WordPress Events Manager plugin (versions <= 5.9.8.1).
Solution
2020-11-25 - we were unable to find a patched version of this plugin (use at your own risk, we recommend to deactivate and delete the plugin until the safe version release).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
WPScan
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 5.9.8.1
Fixed In 5.9.8.2
Disclosure date
2020-11-25
Credits
Nguyen Van Khanh (SunCSR)