Product
pixelite events manager
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-6976
CVE-2025-6975
CVE-2025-6970
CVE-2024-11260
CVE-2024-5889
CVE-2024-3492
CVE-2024-30515
CVE-2024-2111
CVE-2024-2110
CVE-2024-0614
CVE-2023-48326
CVE-2020-35037
CVE-2020-35012
CVE-2019-16523
CVE-2013-7480
CVE-2013-7479
CVE-2013-7478
CVE-2013-7477
CVE-2012-6716
CVE-2015-9300
CVE-2015-9299
CVE-2015-9298
CVE-2015-9297
CVE-2018-13137
CVE-2018-0576
CVE-2018-9020
CVE-2013-1407
< 6.6.5
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
< 6.6.5
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v
< 6.6.5
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the
< 6.6.4
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the
< 6.4.9
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting v
< 6.4.8
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
< 6.4.7
Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.
< 6.4.7.2
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
< 6.4.7.2
The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in al
< 6.4.7
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and
<= 6.4.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite Events Manager allo
< 5.9.8
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages
< 5.9.8
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, lead
<= 5.9.5
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding a
< 5.3.6.1
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
< 5.3.9
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
< 5.5
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
< 5.5.2
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
< 5.1.7
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
< 5.5.7
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
< 5.5.7.1
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
< 5.6
The events-manager plugin before 5.6 for WordPress has code injection.
< 5.6
The events-manager plugin before 5.6 for WordPress has XSS.
all versions
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?
< 5.9
Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject a
< 5.8.1.2
The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps
<= 5.3.4
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before