The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site ScriptingCreditsUtkarsh AgrawalReferenceshttps://wpscan.com/vulnerability/2d821464-c502-4f71-afee-97b3dea16612
