CVE-2025-22635

Medium CVSS: 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer eventer allows Reflected XSS.This issue affects Eventer: from n/a through < 3.9.9.

Vendor

Imithemes

Product

Eventer

CWE

CWE-79

Yayın Tarihi

2025-02-23 23:15:10

Güncelleme

2026-04-01 16:22:24

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-79 Eventer MEDIUM Imithemes 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/eventer/vulnerability/wordpress-eventer-wordpress-event-booking-manager-plugin-plugin-3-9-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve

Benzer Kayıtlar

Critical

CVE-2025-39481

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer…

High

CVE-2025-39482

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control…

High

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_i…

Medium

CVE-2024-11132

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and incl…

Medium

CVE-2024-11133

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…

Medium

CVE-2024-11134

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…