cleantalk
Vulnerabilities and Security Researches

Events Manager – Calendar, Bookings, Tickets, and more!, CVE-2018-13137

CVE, Research URL

CVE-2018-13137

Home page URL

Security reports for Events Manager – Calendar, Bookings, Tickets, and more!

Application

Events Manager – Calendar, Bookings, Tickets, and more!

Published on
Apr 12, 2019
Research Description
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
Affected versions
Min -, max 5.9.5.
Status
vulnerable
Previous vulnerability researches
Events Manager Pro – extended (CVE-2024-50532) , Nov 03, 2024
WP Events Manager (CVE-2024-7717) , Sep 01, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-1249) , Mar 05, 2025
Events Manager – Calendar, Bookings, Tickets, and more! , Sep 05, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2024-11260) , Feb 21, 2025
New vulnerability
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Internal Linking of Related Contents (CVE-2025-49884) , Jul 12, 2025
Sharable Password Protected Posts (CVE-2025-5920) , Jul 12, 2025
Friends (CVE-2025-7504) , Jul 12, 2025