Events Manager
Marcus (aka @msykes)
Developer
7.2.3.1
Latest version
70,000
Installations
No date
Last updated
Vulnerability history
0 present
25 fixed
7 Mitigation rules
- Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode vulnerability<= 7.2.2.1Dec 17, 2025
- Cross-Site Request Forgery to Location Deletion vulnerability<= 7.2.2.2Dec 12, 2025
- Unauthenticated Information Exposure vulnerability<= 7.2.2.2Dec 12, 2025
- Reflected Cross Site Scripting (XSS) vulnerability<= 6.6.4.4Jul 9, 2025
- Unauthenticated SQL Injection vulnerability<= 6.6.4.4Jul 9, 2025
- Cross Site Scripting (XSS) vulnerability<= 6.6.4.4Jul 9, 2025
- Broken Access Control vulnerability<= 6.6.4.1Feb 26, 2025
- Unauthenticated SQL Injection via Event Status Parameter vulnerability<= 6.6.3Feb 20, 2025
- Reflected Cross-Site Scripting vulnerability<= 6.4.8Jul 1, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via event, location, and event_category Shortcodes vulnerability<= 6.4.7.3Jun 12, 2024
- Broken Access Control vulnerability<= 6.4.6.4Mar 28, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 6.4.7.1Mar 28, 2024
- Cross-Site Request Forgery vulnerability<= 6.4.7.1Mar 28, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 6.4.7.1Mar 28, 2024
- Authenticated(Administator+) Stored Cross-Site Scripting via settings vulnerability<= 6.4.6.4Feb 29, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 6.4.5Nov 23, 2023
- Reflected Cross-Site Scripting (XSS) vulnerability<= 5.9.7.3Nov 30, 2020
- SQL Injection (SQLi) vulnerability<= 5.9.7.3Nov 30, 2020
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 5.9.8.1Nov 25, 2020
- CSV Injection vulnerability<= 5.9.7.1Feb 7, 2020
- Unauthenticated Stored XSS vulnerability<= 5.8.1.1Mar 28, 2018
- Cross Site Scripting<= 5.5.1May 15, 2015
- Cross Site Scripting<= 5.3.8May 15, 2015
- Multiple Cross Site Scripting<= 5.3.5May 15, 2015
- Multiple XSS<= 5.3.4Jan 19, 2013