CVE-2020-35037: 
WordPress vulnerability analysis and mitigation

The Events Manager WordPress plugin versions before 5.9.8 contained a Cross-Site Scripting (XSS) vulnerability identified as CVE-2020-35037. The vulnerability was discovered on June 7, 2020, and was related to unsanitized search parameters that could be exploited when output on pages (WPScan).

The vulnerability stems from the plugin's failure to properly sanitize and escape search parameters before outputting them in pages. This security flaw has been assigned a CVSS v3.1 base score of 6.1 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

If exploited, this Cross-Site Scripting vulnerability could allow attackers to inject malicious scripts into web pages viewed by users. This could lead to unauthorized access to sensitive information and potential manipulation of web content, affecting both confidentiality and integrity of the affected system (AttackerKB).

The vulnerability was patched in Events Manager version 5.9.8. Users are advised to update to this version or later to mitigate the security risk. The fix was implemented through proper sanitization and escaping of search parameters (WordPress Plugin).