PT-2019-14685 · WordPress · Events Manager
Tobias Fink · Published 2019-10-16 · Updated 2024-10-08 · CVE-2019-16523
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Events Manager plugin versions through 5.9.5
Description
The issue arises from improper encoding and insertion of data provided to the map style attribute of shortcodes, specifically locations map and events map, leading to Stored XSS.
Recommendations
For versions through 5.9.5, update to a version that contains a fix for this issue to prevent exploitation.
Affected Products
Events Manager