Name of the Vulnerable Software and Affected Versions:

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce versions up to and including 3.1.49

Description:

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress contains a Stored Cross-Site Scripting issue due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page. This only affects multi-site installations and installations where unfiltered html has been disabled.

Recommendations:

Update WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce to a version later than 3.1.49.