WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

org.webjars.npm:event-calendar__core (>=3.1.0 <=3.7.1), org.webjars.npm:event-calendar__day-grid (=3.6.2) +2 more potentially affected by CVE-2026-42573 via org.webjars.npm:svelte (>=3.20.1 <=4.2.19)

org.webjars.npm:svelte MAVEN version =3.20.1, =3.1.0, =3.1.0, =3.6.2 - org.webjars.npm:stylesheet-switcher =3.0.0 Source cves: CVE-2026-42573 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16697542...

org.webjars.npm:event-calendar__core (>=3.1.0 <=3.7.1), org.webjars.npm:event-calendar__day-grid (=3.6.2) +2 more potentially affected by CVE-2026-42599 via org.webjars.npm:svelte (>=3.20.1 <=4.2.19)

org.webjars.npm:svelte MAVEN version =3.20.1, =3.1.0, =3.1.0, =3.6.2 - org.webjars.npm:stylesheet-switcher =3.0.0 Source cves: CVE-2026-42599 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16697616...

CVE-2026-25465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through = 1.4.36...

CVE-2026-25465

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through = 1.4.37...

CVE-2026-25465 WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Stored XSS.This issue affects CP Multi View Event Calendar : from n/a through = 1.4.36...

CVE-2026-24378

CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime

CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.6.0...

PT-2026-27808

Name of the Vulnerable Software and Affected Versions Metagauss EventPrime versions n/a through 4.2.6.0 Description A missing authorization flaw exists in Metagauss EventPrime eventprime-event-calendar-management. This issue allows exploitation of incorrectly configured access control security...

PT-2026-27959

Name of the Vulnerable Software and Affected Versions codepeople CP Multi View Event Calendar versions through 1.4.35 Description The software contains a flaw related to improper input handling during web page generation, leading to a cross-site scripting issue. This allows for Stored XSS attacks...

WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by PPzzAArr in WordPress Plugin CP Multi View Event Calendar versions = 1.4.35...

CVE-2026-25389

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...

CVE-2026-25389 WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.8.3...

CVE-2026-0556

The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xoeventfield' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-0556 XO Event Calendar <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode

The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xoeventfield' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-0556

CVE-2026-0556 concerns the XO Event Calendar WordPress plugin (versions

WordPress XO Event Calendar plugin <= 3.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xo_event_field' shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'xoeventfield' shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin XO Event Calendar versions = 3.2.10...

WordPress Happy Addons for Elementor plugin <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Event Calendar Widget vulnerability discovered by stealthcopter in WordPress Plugin Happy Addons for Elementor versions = 3.10.7...

CVE-2026-24380

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.8.0...