CVE-2023-49181

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Dec 19, 2023

CWE ID 79

Summary

CVE-2023-49181 is a Cross-site Scripting (XSS) vulnerability affecting WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce. The flaw, which allows for Stored XSS attacks, exists due to improper neutralization of user input during web page generation. This issue can be exploited by attackers to inject malicious scripts into a targeted website, posing a serious threat to site visitors. Affected versions of the plugin range from n/a to 3.1.40. It is crucial that users upgrade to the latest patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WP Event Manager

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/thn-K-
https://www.cve.org/CVERecord?id=CVE-2023-49181
https://nvd.nist.gov/vuln/detail/CVE-2023-49181

Back to Vulnerability Database

CVE-2023-49181

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations