Event Monster < 2.0.0 – Admin+ Stored XSS | CVE 2023-47525

Affects Plugins

Fixed in 2.0.0

References

CVE

CVE-2023-47525

URL

https://patchstack.com/database/vulnerability/event-monster/wordpress-event-monster-plugin-1-3-2-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Jeongwoo-Lee(Roronoa)

Verified

No

WPVDB ID

8fe2a364-8a1e-4aec-a686-4d374b429916

Timeline

Publicly Published

2023-12-19 (about 2 years ago)

Added

2023-12-23 (about 2 years ago)

Last Updated

2026-01-29 (about 1 month ago)

Other

Published

Title

Published

2024-03-06

Title

Royal Elementor Addons and Templates < 1.3.92 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget

Published

2024-10-18

Title

Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS

Published

2016-04-12

Title

Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2022-06-16

Title

Awin Data Feed < 1.8 - Reflected Cross-Site Scripting

Published

2022-05-09

Title

Simple Real Estate Pack <= 1.4.8 - Admin+ Stored Cross Site Scripting