CVE-2022-1474

Name of the Vulnerable Software and Affected Versions WP Event Manager versions prior to 3.1.28

Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the search function in the WP Event Manager plugin does not properly sanitise and escape its output, which is then reflected back in an attribute on the event dashboard. This can lead to malicious scripts being executed.

Recommendations For versions prior to 3.1.28, update to version 3.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the event dashboard to minimize the risk of exploitation.