122 matches found
PT-2025-41220
Name of the Vulnerable Software and Affected Versions Community Events plugin for WordPress versions up to and including 1.5.1 Description The Community Events plugin for WordPress is susceptible to SQL Injection through the event category parameter. Insufficient input sanitization and inadequate...
WordPress plugin Community Events SQL注入漏洞
WordPress Community Events plugin is a plugin that allows users to submit events. Users can publish event information independently through the website form, while the administrator can retain the final right to review the calendar content. A SQL injection vulnerability exists in the WordPress...
WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions = 1.5.1...
EUVD-2022-47674
Malicious code in bioql PyPI...
CVE-2024-6270
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...
CVE-2022-44742
Auth. admin+ Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin = 1.4.8 versions...
WordPress Community Events plugin < 1.5.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5.1...
CVE-2024-6270
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6270 Community Events < 1.5.1 - Admin+ Stored XSS
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Community Events 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...
PT-2024-37498 · WordPress · Community Events
Name of the Vulnerable Software and Affected Versions: Community Events WordPress plugin versions prior to 1.5.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
WordPress Community Events Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Community Events Type Plugin Vulnerable versions 1.5.1 Fixed in 1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6270 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 41e2dd4ebfb2 Credits Bob Matyas Required...
WordPress Community Events plugin < 1.5 - Event Deletion via CSRF vulnerability
Event Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Community Events versions 1.5...
CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...
CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...
CVE-2024-6271
CVE-2024-6271 affects Community Events WordPress plugin prior to 1.5. The vulnerability is due to a missing CSRF check when deleting events, allowing a CSRF attack to cause a logged-in admin to delete arbitrary events. No exploitation details are provided in the documents. Remediation: upgrade to...
CVE-2024-6271 Community Events < 1.5 - Event Deletion via CSRF
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...
CVE-2024-6271 Community Events < 1.5 - Event Deletion via CSRF
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack...