Lucene search
K

122 matches found

Positive Technologies
Positive Technologies
added 2025/10/08 12:0 a.m.6 views

PT-2025-41220

Name of the Vulnerable Software and Affected Versions Community Events plugin for WordPress versions up to and including 1.5.1 Description The Community Events plugin for WordPress is susceptible to SQL Injection through the event category parameter. Insufficient input sanitization and inadequate...

9.8CVSS6.7AI score0.00366EPSS
Exploits0References15
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.5 views

WordPress plugin Community Events SQL注入漏洞

WordPress Community Events plugin is a plugin that allows users to submit events. Users can publish event information independently through the website form, while the administrator can retain the final right to review the calendar content. A SQL injection vulnerability exists in the WordPress...

9.8CVSS7.3AI score0.00366EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/10/07 10:30 p.m.6 views

WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions = 1.5.1...

9.8CVSS7.8AI score0.00366EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-47674

Malicious code in bioql PyPI...

4.8CVSS5.3AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:22 a.m.6 views

CVE-2024-6270

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.18 views

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

5.4CVSS6.9AI score0.00262EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:47 a.m.8 views

CVE-2022-44742

Auth. admin+ Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin = 1.4.8 versions...

4.8CVSS6.1AI score0.00392EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/08/05 7:13 a.m.6 views

WordPress Community Events plugin < 1.5.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5.1...

4.8CVSS6.1AI score0.00333EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/08/05 6:16 a.m.3 views

CVE-2024-6270

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00333EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/05 6:0 a.m.19 views

CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.4AI score0.00333EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/05 6:0 a.m.29 views

CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00333EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/08/05 12:0 a.m.5 views

WordPress plugin Community Events 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

4.8CVSS6.6AI score0.00333EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.5 views

PT-2024-37498 · WordPress · Community Events

Name of the Vulnerable Software and Affected Versions: Community Events WordPress plugin versions prior to 1.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...

4.8CVSS5.3AI score0.00333EPSS
Exploits1References5
Patchstack
Patchstack
added 2024/08/05 12:0 a.m.17 views

WordPress Community Events Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Community Events Type Plugin Vulnerable versions 1.5.1 Fixed in 1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6270 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 41e2dd4ebfb2 Credits Bob Matyas Required...

4.8CVSS5.8AI score0.00333EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2024/07/22 6:39 a.m.8 views

WordPress Community Events plugin < 1.5 - Event Deletion via CSRF vulnerability

Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5...

5.4CVSS7AI score0.00262EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/22 6:15 a.m.1 views

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

5.4CVSS5.9AI score0.00262EPSS
Exploits1References1
NVD
NVD
added 2024/07/22 6:15 a.m.28 views

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

5.4CVSS0.00262EPSS
Exploits1References1
CVE
CVE
added 2024/07/22 6:0 a.m.57 views

CVE-2024-6271

CVE-2024-6271 affects Community Events WordPress plugin prior to 1.5. The vulnerability is due to a missing CSRF check when deleting events, allowing a CSRF attack to cause a logged-in admin to delete arbitrary events. No exploitation details are provided in the documents. Remediation: upgrade to...

5.4CVSS6.5AI score0.00262EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/07/22 6:0 a.m.29 views

CVE-2024-6271 Community Events < 1.5 - Event Deletion via CSRF

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

0.00262EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/22 6:0 a.m.19 views

CVE-2024-6271 Community Events < 1.5 - Event Deletion via CSRF

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...

7.1AI score0.00262EPSS
Exploits1References1
Rows per page
Query Builder