CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

RedhatCVE•added 2026/03/08 1:44 a.m.•1 views

CVE-2026-2429

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References1

EUVD•added 2026/03/07 3:30 a.m.•3 views

EUVD-2026-10099

4.9CVSS5.8AI score0.00035EPSS

Exploits0References5

NVD•added 2026/03/07 2:16 a.m.•1 views

CVE-2026-2429

4.9CVSS0.00035EPSS

Exploits0References4

Patchstack•added 2026/03/07 1:23 a.m.•2 views

WordPress Community Events plugin <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability

Authenticated Administrator+ SQL Injection via 'cevenuename' CSV Field vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.8...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/07 1:21 a.m.•0 views

CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

4.9CVSS5.8AI score0.00035EPSS

Exploits0References4

CVE•added 2026/03/07 1:21 a.m.•7 views

CVE-2026-2429

The CVE-2026-2429 entry concerns the WordPress Community Events plugin. It describes an SQL Injection vulnerability via the ce_venue_name field in the on_save_changes_venues function, affecting all versions up to 1.5.8. The issue stems from insufficient escaping of user-supplied CSV data and inad...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References4

ATTACKERKB•added 2026/03/07 1:21 a.m.•1 views

CVE-2026-2429

4.9CVSS5.8AI score0.00035EPSS

Exploits0References5

Cvelist•added 2026/03/07 1:21 a.m.•23 views

CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

4.9CVSS0.00035EPSS

Exploits0References4

CNNVD•added 2026/03/07 12:0 a.m.•3 views

WordPress plugin Community Events SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

4.9CVSS6AI score0.00035EPSS

Exploits0References5

RedhatCVE•added 2026/02/19 1:28 p.m.•2 views

CVE-2026-1649

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cevenuename' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.7AI score0.00014EPSS

Exploits0References1

NVD•added 2026/02/18 9:15 a.m.•2 views

CVE-2026-1649

4.4CVSS0.00014EPSS

Exploits0References5

Cvelist•added 2026/02/18 8:26 a.m.•29 views

CVE-2026-1649 Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter

4.4CVSS0.00014EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 8:26 a.m.•2 views

CVE-2026-1649

4.4CVSS5.7AI score0.00014EPSS

Exploits0References6

Vulnrichment•added 2026/02/18 8:26 a.m.•2 views

CVE-2026-1649 Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter

4.4CVSS5.7AI score0.00014EPSS

Exploits0References5

CVE•added 2026/02/18 8:26 a.m.•8 views

CVE-2026-1649

CVE-2026-1649 : The WordPress Community Events plugin is affected by a Stored Cross-Site Scripting vulnerability via the ce_venue_name parameter in all versions up to 1.5.7. Exploitation requires administrator-level access or higher to inject scripts that run on page views. The issue is due to in...

4.4CVSS5.7AI score0.00014EPSS

Exploits0References5

Patchstack•added 2026/02/18 12:36 a.m.•5 views

WordPress Community Events plugin <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'cevenuename' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.7...

4.4CVSS5.5AI score0.00014EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/02/18 12:0 a.m.•2 views

WordPress plugin Community Events 跨站脚本漏洞

4.4CVSS5.6AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/02/18 12:0 a.m.•2 views

PT-2026-20362

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce venue name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00014EPSS

Exploits0References6

RedhatCVE•added 2026/01/18 5:26 a.m.•3 views

CVE-2025-14029

The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxadmineventapproval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...

5.3CVSS5.5AI score0.00146EPSS

Exploits0References1

CVE•added 2026/01/17 4:34 a.m.•9 views

CVE-2025-14029

CVE-2025-14029 affects the WordPress plugin Community Events (versions up to and including 1.5.6). The issue is a missing capability check in ajax_admin_event_approval(), allowing unauthenticated attackers to approve arbitrary events via the eventlist parameter. Wordfence notes this vulnerability...

5.3CVSS5.1AI score0.00146EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by