cleantalk
Vulnerabilities and Security Researches

Events Manager – Calendar, Bookings, Tickets, and more!, CVE-2024-0614

CVE, Research URL

CVE-2024-0614

Home page URL

Security reports for Events Manager – Calendar, Bookings, Tickets, and more!

Application

Events Manager – Calendar, Bookings, Tickets, and more!

Published on
Mar 13, 2024
Research Description
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 6.4.7.
Status
vulnerable
Previous vulnerability researches
Events Manager Pro – extended (CVE-2024-50532) , Nov 03, 2024
WP Events Manager (CVE-2024-7717) , Sep 01, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-1249) , Mar 05, 2025
Events Manager – Calendar, Bookings, Tickets, and more! , Sep 05, 2024
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2024-11260) , Feb 21, 2025
New vulnerability
WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible (CVE-2025-3780) , Jul 12, 2025
Lana Downloads Manager (CVE-2025-7387) , Jul 12, 2025
Internal Linking of Related Contents (CVE-2025-49884) , Jul 12, 2025
Sharable Password Protected Posts (CVE-2025-5920) , Jul 12, 2025
Friends (CVE-2025-7504) , Jul 12, 2025