[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fB4H_JOIw-IYovt_LledDxOClzbQrgnB99ZE9S9GtODk":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-5238","eventprime-reflected-html-content-injection","EventPrime \u003C 3.2.0 - Reflected HTML Content Injection","The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Reflected HTML Content Injection via the search parameter in all versions up to 3.2.0 (exclusive) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web content in search pages if they can successfully trick a user into performing an action such as clicking on a link.","eventprime-event-calendar-management",null,"\u003C3.2.0","3.2.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","2023-10-09 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fed881d06-e652-45ac-8f56-c2db9e403485?source=api-prod",106]