cleantalk
Vulnerabilities and Security Researches

Events Manager – Calendar, Bookings, Tickets, and more!, CVE-2019-16523

CVE, Research URL

CVE-2019-16523

Home page URL

Security reports for Events Manager – Calendar, Bookings, Tickets, and more!

Application

Events Manager – Calendar, Bookings, Tickets, and more!

Published on
Oct 16, 2019
Research Description
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
Affected versions
Min -, max 5.9.6.
Status
vulnerable
Previous vulnerability researches
Events Manager Pro – extended (CVE-2024-50532) , Nov 03, 2024
WP Events Manager (CVE-2024-7717) , Sep 01, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-1249) , Mar 05, 2025
Events Manager – Calendar, Bookings, Tickets, and more! , Sep 05, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2024-11260) , Feb 21, 2025
New vulnerability
WP Lightbox 2 (CVE-2025-3745) , Jul 13, 2025
Multi-language Responsive Contact Form (CVE-2025-29000) , Jul 13, 2025
RSFirewall! (CVE-2025-7518) , Jul 13, 2025
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025