WordPress · Events Manager · CVE-2020-35037
Name of the Vulnerable Software and Affected Versions:
Events Manager WordPress plugin versions prior to 5.9.8
Description:
The issue is related to the Events Manager WordPress plugin, where some search parameters are not properly sanitized and escaped before being output on pages. This could lead to Cross-Site Scripting issues.
Recommendations:
For versions prior to 5.9.8, update to version 5.9.8 or later to resolve the issue. As a temporary workaround, consider restricting access to search functionality until the update is applied.