Events Manager – Calendar, Bookings, Tickets, and more!

Medium 5.3

2025-12-12< 7.2.2.3

CVE-2025-12408

Medium 4.3

2025-12-12< 7.2.2.3

CVE-2025-12407

Medium 6.1

2025-07-09< 6.6.5

Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter

Wordfence EUVD CVE

High 7.5

2025-07-09< 6.6.5

Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter

Wordfence CVE

Medium 6.4

2025-07-09< 6.6.5

Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes

Wordfence EUVD CVE

Medium 5.3

2025-02-26< 6.6.4.2

CVE-2025-1249

CVE Wordfence EUVD

High 7.5

2025-02-21< 6.6.4

CVE-2024-11260

CVE EUVD Patchstack Wordfence

Medium 6.1

2024-07-01< 6.4.9

WordPress Events Manager Plugin <= 6.4.8 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence

Medium 5.4

2024-06-12< 6.4.8

CVE-2024-3492

CVE Patchstack Wordfence

High 8.8

2024-06-09< 6.4.7

CVE-2024-30515

Medium 4.3

2024-03-28< 6.4.7.2

CVE-2024-30421

Medium 5.4

2024-03-28< 6.4.7.2

CVE-2024-2111

Medium 4.3

2024-03-28< 6.4.7.2

CVE-2024-2110

Medium 4.8

2024-03-13< 6.4.7

CVE-2024-0614

CVE Patchstack Wordfence WPScan

High 7.1

2023-11-30< 6.4.6

CVE-2023-48326

N/A

< 5.9.7.2

Events Manager < 5.9.7.2 - CSV Injection

WPScan

N/A

2020-02-05< 5.9.7.2

Events Manager <= 5.9.7.1 - CSV Injection

Wordfence

N/A

2020-02-06< 5.9.7.2

Events Manager < 5.9.7.2 & Events Manager Pro < 2.6.7.2 - Unauthenticated CSV Injection

Wordfence

N/A

2015-05-15< 5.3.6

WordPress Events Manager Plugin <= 5.3.5 - Multiple Cross Site Scripting

N/A

2015-05-15< 5.3.9

WordPress Events Manager Plugin <= 5.3.8 - Cross Site Scripting

N/A

2015-05-15< 5.5.2

WordPress Events Manager Plugin <= 5.5.1 - Cross Site Scripting

N/A

2020-02-07< 5.9.7.2

WordPress Events Manager plugin <= 5.9.7.1 - CSV Injection vulnerability

N/A

2020-11-25< 5.9.8.2

WordPress Events Manager plugin <= 5.9.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

N/A

2020-11-30< 5.9.8

WordPress Events Manager plugin <= 5.9.7.3 - SQL Injection (SQLi) vulnerability

N/A

2020-11-30< 5.9.8

WordPress Events Manager plugin <= 5.9.7.3 - Cross-Site Scripting (XSS) vulnerability

Wordfence CVE Patchstack WPScan

N/A

2014-08-01< 5.3.5

Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting

Medium 5.4

2018-03-28< 5.8.1.2

WordPress Events Manager plugin <=5.8.1.1 - Unauthenticated Stored XSS vulnerability

Patchstack CVE Wordfence WPScan

Medium 5.4

2018-05-14< 5.9

CVE-2018-0576

CVE JVN Wordfence WPScan

Medium 4.8

2019-04-12< 5.9.5

CVE-2018-13137

Medium 6.1

2019-08-13< 5.5.7

CVE-2015-9300

Medium 6.1

2019-08-13< 5.6

CVE-2015-9297

Medium 6.1

2019-08-13< 5.5.7.1

CVE-2015-9299

Critical 9.8

2019-08-13< 5.6

CVE-2015-9298

Medium 6.1

2019-08-22< 5.1.7

CVE-2012-6716

Medium 6.1

2019-08-22< 5.5

CVE-2013-7478

Medium 6.1

2019-08-22< 5.3.6.1

CVE-2013-7480

Medium 6.1

2019-08-22< 5.3.9

CVE-2013-7479

Medium 6.1

2019-08-22< 5.5.2

CVE-2013-7477

Medium 5.4

2019-10-16< 5.9.6

CVE-2019-16523

Medium 6.1

2021-12-01< 5.9.8

CVE-2020-35037

High 7.2

2021-12-01< 5.9.8

CVE-2020-35012