WordPress Plugin Vulnerabilities

Event Manager for WooCommerce < 3.9.6 - Editor+ Stored Cross-Site Scripting

Description

The plugin does not correctly sanitize user inputs, leading to potential Stored Cross-Site Scripting (XSS) vulnerabilities.

Affects Plugins

Plugin icon
mage-eventpress
Fixed in 3.9.6

References

CVE
CVE-2023-36383
URL
https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-event-manager-and-tickets-selling-plugin-for-woocommerce-plugin-3-9-5-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
7a550a62-d65d-4224-bb2e-96c966e20f9b

Timeline

Publicly Published
2023-06-22 (about 2 years ago)
Added
2023-07-18 (about 2 years ago)
Last Updated
2023-07-18 (about 2 years ago)

Other

Published
Title
Published
2025-09-29
Title
dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-09-19
Title
Table of Contents Plus < 2309 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-12-14
Title
Bootstrap Buttons <= 1.2 - Reflected Cross-Site Scripting
Published
2024-03-25
Title
Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status
Published
2024-05-14
Title
Magazine Blocks < 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting