cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2691,https://securityvulnerability.io/vulnerability/CVE-2024-2691,"WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode","The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'events' shortcode in all versions up to, and including, 3.1.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"WP Event Manager – Events Calendar, Registrations, Sell Tickets With WooCommerce",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-07-16T09:15:00.000Z,0
CVE-2024-0976,https://securityvulnerability.io/vulnerability/CVE-2024-0976,Reflected Cross-Site Scripting Vulnerability in WP Event Manager Plugin,"The WP Event Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability exists in all versions up to and including 3.1.41. Attackers can exploit this flaw to inject malicious scripts, which can execute if a user unwittingly interacts with a manipulated link, potentially compromising the security of the affected site.",Wordpress,"WP Event Manager – Events Calendar, Registrations, Sell Tickets With WooCommerce",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:48.336Z,0
CVE-2023-4423,https://securityvulnerability.io/vulnerability/CVE-2023-4423,Stored Cross-Site Scripting Vulnerability in WP Event Manager Plugin for WordPress,"The WP Event Manager plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping within the admin settings. This flaw allows authenticated attackers with admin-level permissions to inject arbitrary scripts into pages, which are then executed when users access those pages. This vulnerability primarily affects multi-site installations and sites where unfiltered_html has been disabled, posing a significant risk to the security and integrity of the affected systems.",Wordpress,"WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce",4.8,MEDIUM,0.0009599999757483602,false,,false,false,false,,false,false,2023-09-27T03:03:01.373Z,0