QwikSec

Security Database

CVE

CWE

Training

CVE-2019-16523

Published: Oct 16, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wordpress.org/plugins/events-manager/#developers

x_refsource_MISC

https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190913-03_WordPress_Plugin_Events_Manager

x_refsource_MISC

[oss-security] 20191016 [SBA-ADV-20190913-03] CVE-2019-16523: WordPress Plugin - Events Manager <= 5.9.5 - Stored XSS

mailing-list

x_refsource_MLIST

https://wpvulndb.com/vulnerabilities/9916

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.