# Author: Craw
# Email: craw@element7.eu
# Software Link: http://wordpress.org/extend/plugins/events-manager-extended/
# Version: 3.1.2
# Category: webapplications
=======================================================
[+] ExploiT [1]: If you are allowed to leave a comment:
Persistent XSS Vulnerability: You can inject Javascript Code in your comment.
The Code will be displayed below the event.
[+] ExploiT [2]: If you are allowed to book an event:
Persistent XSS Vulnerability: You can inject Javascript Code in [Name], [Email], [Phonenumber], [Comment]
The Code will be displayed in the WordPress Backend -> http://www.site.com/wp-admin/admin.php?page=events-manager-people
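
Added example, not part of the original advisory and not the plugin's code: a stand-alone PHP sketch of the unescaped rendering pattern behind both findings, next to the hardened form. The function names and the booking record are constructed for illustration.

```php
<?php
// Added example. Function names are hypothetical; this is not the plugin's code.
// In WordPress the equivalents are sanitize_text_field()/sanitize_email() on
// input and esc_html()/esc_attr() on output.

// Constructed booking, as submitted through the public booking form.
$booking = [
    'name'    => '<script>alert(1)</script>',
    'email'   => 'x@example.com"><img src=x onerror=alert(1)>',
    'phone'   => '+352 555 0100',
    'comment' => 'Two seats <b onmouseover=alert(1)>please</b>',
];

// Output encoding: the control that stops stored XSS, applied at render time.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored values are concatenated into the admin table.
function render_row_unsafe(array $b): string {
    return "<tr><td>{$b['name']}</td><td>{$b['email']}</td>"
         . "<td>{$b['phone']}</td><td>{$b['comment']}</td></tr>";
}

// Hardened pattern: every field is encoded for the HTML body context.
function render_row_safe(array $b): string {
    return '<tr><td>' . e($b['name']) . '</td><td>' . e($b['email']) . '</td>'
         . '<td>' . e($b['phone']) . '</td><td>' . e($b['comment']) . '</td></tr>';
}

// Input validation as a second layer: reject or strip before storing.
function clean_booking(array $in): array {
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $phone = $in['phone'] ?? '';
    return [
        'name'    => trim(strip_tags($in['name'] ?? '')),
        'email'   => $email === false ? '' : $email,
        'phone'   => preg_match('/^[0-9+() .-]{3,30}$/', $phone) ? $phone : '',
        'comment' => trim(strip_tags($in['comment'] ?? '')),
    ];
}

echo render_row_unsafe($booking), "\n\n";  // markup reaches the admin's browser as-is
echo render_row_safe($booking), "\n\n";    // same stored data, rendered as inert text
echo render_row_safe(clean_booking($booking)), "\n";  // validated, then encoded
```

Encoding at output also covers rows that were stored before any input validation existed, which is why it is the primary fix and validation the second layer.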
=======================================================
Greetz @ LUXEMBOURG
=======================================================