Events Manager < 5.9.8 – Cross-Site Scripting (XSS) | CVE 2020-35037

Affects Plugins

events-manager

Fixed in 5.9.8

References

CVE

CVE-2020-35037

URL

https://plugins.trac.wordpress.org/changeset/2336019/events-manager

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.8 (low)

Miscellaneous

Original Researcher

Jakob Wierzba

Verified

Yes

WPVDB ID

937b9bdb-7e8e-4ea8-82ec-aa5f6bd70619

Timeline

Publicly Published

2020-06-07 (about 5 years ago)

Added

2020-11-30 (about 5 years ago)

Last Updated

2022-04-10 (about 3 years ago)

Other

Published

Title

Published

2024-08-01

Title

Everest Forms < 3.0.3.1 - Admin+ Stored XSS

Published

2025-01-16

Title

Form To Online Booking <= 1.0 - Reflected Cross-Site Scripting

Published

2024-07-26

Title

Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder < 5.1.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Welcome Screen Fields

Published

2020-07-24

Title

JobSearch < 1.5.6 - Unauthenticated Reflected XSS

Published

2020-09-17

Title

MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)