14 matches found
Insertion of Sensitive Information Into Sent Data
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the WebSocket post deletion event. An attacker can access unrevealed message contents by intercepting or listening to these events after deletion. Remediation: Upgrade...
PT-2026-24179
The Court Reservation WordPress plugin before 1.10.9 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
PT-2026-22024
Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions prior to 6.15.16 Description: The Events Calendar plugin for WordPress is susceptible to unauthorized modification and potential loss of data. This is due to an insufficient capability check...
CVE-2026-1983
CVE-2026-1983 concerns the SEATT: Simple Event Attendance plugin for WordPress. The Wordfence entry states this vulnerability is a Cross-Site Request Forgery (CSRF) flaw present in all versions up to 1.5.0, caused by missing nonce validation on event deletion. This enables unauthenticated attackers to tri...
EUVD-2022-33772
Malicious code in bioql PyPI...
CVE-2024-6271
The Community Events WordPress plugin before 1.5 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete arbitrary events via a CSRF attack...
TYPO3 Security Vulnerabilities
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 8.3.8, and 9.x versions prior to 9.0.6, which stems from the presence of an insecure direct object reference (IDOR) vulnerability,...
CVE-2024-3756
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged-in Contributors and above delete arbitrary events via a CSRF attack...
PT-2024-27658 · WordPress · Mf Gig Calendar
Name of the Vulnerable Software and Affected Versions: MF Gig Calendar WordPress plugin versions 1.2.1 and earlier Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in Contributors and above delete arbitrary events via a CSRF...
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events...
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events...
CVE-2021-24552
The Simple Events Calendar WordPress plugin through 1.4.0 does not sanitise, validate or escape the eventid POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue...
CVE-2015-1559
Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the deletemodule parameter, (2) deactivate...
CVE-2008-6736
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not foll...