
Ansarisec

#21825 of 53,632
10.9 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2019-8926
4.8
2019-04-12
WordPress · Events Manager · CVE-2018-13137
**Name of the Vulnerable Software and Affected Versions**
Events Manager plugin version 5.9.4

**Description**
The issue concerns a cross-site scripting (XSS) problem. It is exploited via the `dbem_event_reapproved_email_body` parameter to the "wp-admin/edit.php?post_type=event&page=events-manager-options" URI.

**Recommendations**
For Events Manager plugin version 5.9.4, consider disabling access to the `dbem_event_reapproved_email_body` parameter in the affected URI until a patch is available. Restrict access to the "wp-admin/edit.php?post_type=event&page=events-manager-options" URI to minimize the risk of exploitation.

PT-2018-11625
6.1
2018-07-04
WordPress · Ultimate Member · CVE-2018-13136
**Name of the Vulnerable Software and Affected Versions**
The Ultimate Member plugin versions prior to 2.0.18

**Description**
The issue allows for XSS via the wp-admin settings screen.

**Recommendations**
For versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue.