CVE-2013-7478: XSS
First published: Thu Aug 22 2019(Updated: )
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wp-events-plugin Events Manager | <5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2013-7478.
What is the title of this vulnerability?
The title of this vulnerability is 'The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.'
What is the severity rating of CVE-2013-7478?
CVE-2013-7478 has a severity rating of 6.1 (medium).
How does the events-manager plugin before 5.5 for WordPress get exploited?
The events-manager plugin before 5.5 for WordPress is exploited through XSS (Cross-Site Scripting) using the EM_Ticket::get_post method.
How can I fix the events-manager plugin before 5.5 for WordPress vulnerability?
To fix the vulnerability, update the events-manager plugin to version 5.5 or later.
- collector/nvd-index
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- vendor/wp-events-plugin
- canonical/wp-events-plugin events manager