cleantalk
Vulnerabilities and Security Researches

Events Manager – Calendar, Bookings, Tickets, and more!, CVE-2013-1407

CVE, Research URL

CVE-2013-1407

Home page URL

Security reports for Events Manager – Calendar, Bookings, Tickets, and more!

Application

Events Manager – Calendar, Bookings, Tickets, and more!

Published on
May 13, 2014
Research Description
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) scope parameter to index.php; (2) user_name, (3) dbem_phone, (4) user_email, or (5) booking_comment parameter to an event with registration enabled; or the (6) _wpnonce parameter to wp-admin/edit.php.
Affected versions
Min -, max 5.9.7.2.
Status
vulnerable
Previous vulnerability researches
Events Manager Pro – extended (CVE-2024-50532) , Nov 03, 2024
WP Events Manager (CVE-2024-7717) , Sep 01, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-1249) , Mar 05, 2025
Events Manager – Calendar, Bookings, Tickets, and more! , Sep 05, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2024-11260) , Feb 21, 2025
New vulnerability
Multi-language Responsive Contact Form (CVE-2025-29000) , Jul 13, 2025
RSFirewall! (CVE-2025-7518) , Jul 13, 2025
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Internal Linking of Related Contents (CVE-2025-49884) , Jul 12, 2025