CVE-2024-0614 in Events Manager Plugininfo

Summary

by MITRE • 03/13/2024

The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/12/2026

The vulnerability identified as CVE-2024-0614 affects the Events Manager plugin for WordPress, representing a critical stored cross-site scripting flaw that compromises the security of affected installations. This vulnerability exists in all versions up to and including 6.4.6.4, making it a persistent threat that has remained unaddressed through the plugin's development lifecycle. The flaw specifically targets the admin settings functionality of the plugin, creating a pathway for malicious actors to execute arbitrary web scripts within the context of the victim's browser session.

The technical root cause of this vulnerability stems from insufficient input sanitization and inadequate output escaping mechanisms within the plugin's administrative interface. When administrators configure plugin settings, the system fails to properly validate or sanitize user-supplied input before storing it in the database. Additionally, the output escaping mechanisms that should protect against XSS attacks are either missing or improperly implemented, allowing malicious scripts to persist in the system. This combination of weaknesses creates a perfect storm for stored XSS exploitation, where injected scripts are permanently stored and executed whenever affected pages are accessed.

The operational impact of this vulnerability is particularly severe given its requirement for administrator-level permissions, which represents the highest privilege level within WordPress systems. Attackers who can authenticate as administrators or gain access to such credentials can inject malicious scripts that will execute whenever any user accesses pages containing the injected content. This creates a persistent threat that can affect all users of the WordPress installation, regardless of their privilege level, as the malicious scripts execute in the context of their browser sessions. The vulnerability specifically targets multi-site installations and environments where unfiltered_html has been disabled, indicating that the attack surface is limited but still significant within certain deployment configurations.

The implications of this vulnerability extend beyond simple script execution, as it can enable sophisticated attacks including session hijacking, credential theft, and privilege escalation. The stored nature of the XSS vulnerability means that once exploited, the malicious payload persists indefinitely until manually removed by administrators, creating a long-term security risk. This vulnerability aligns with CWE-79, which specifically addresses cross-site scripting flaws, and represents a clear violation of secure coding practices that should prevent user input from being directly rendered without proper sanitization. The ATT&CK framework would categorize this vulnerability under initial access and privilege escalation techniques, as it allows attackers to establish persistent access through the exploitation of administrative interfaces.

Organizations affected by this vulnerability should prioritize immediate remediation through plugin updates to versions that address the stored XSS flaw. The recommended mitigation strategy includes implementing strict input validation and output escaping mechanisms, particularly within administrative interfaces where privileged users can inject content. Regular security auditing of plugin configurations and user permissions should be conducted to prevent unauthorized access to administrative functions. Additionally, implementing web application firewalls and content security policies can provide additional layers of protection against exploitation attempts. The vulnerability highlights the critical importance of maintaining up-to-date security practices and the necessity of thorough code review processes to prevent such flaws from reaching production environments.

Responsible

Wordfence

Reservation

01/16/2024

Disclosure

03/13/2024

Moderation

accepted

CPE

ready

EPSS

0.00685

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!