23 matches found
CVE-2025-58009 WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32...
CVE-2025-7813
The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...
CVE-2025-52731
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...
CVE-2025-52731 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability
Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...
CVE-2025-52730
CVE-2025-52730 affects WordPress Event Manager, Event Calendar and Booking Plugin (WordPress Event Manager, Event Calendar and Booking Plugin) versions up to 4.0.24. It is a Stored Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. The CVSS 3.1 base met...
PT-2025-33210 · WordPress · Event Calendar/Booking Plugin +1
Name of the Vulnerable Software and Affected Versions: WordPress Event Manager, Event Calendar and Booking Plugin versions through 4.0.24 Description: The software contains an improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS...
WordPress Event Calendar plugin <= 1.0.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Event Calendar versions = 1.0.4...
CVE-2024-8700
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars...
CVE-2024-8700
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars...
CVE-2024-8701 Event Calendar <= 1.0.4 - Admin+ Stored XSS
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Event Calendar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
CVE-2023-6243
The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...
CVE-2023-6243
The CVE-2023-6243 entry concerns EventON Pro (WordPress) up to version 4.6.8, with a Cross-Site Request Forgery (CSRF) flaw in the admin_test_email function caused by missing or improper nonce validation. This can allow unauthenticated attackers to trigger test emails to arbitrary addresses by tr...
CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email
The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...
CVE-2024-1321
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...
CVE-2023-6244
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...
CVE-2023-6242
CVE-2023-6242 is a CSRF vulnerability in the EventON WordPress plugins (EventON and EventON Pro). The flaw arises from missing or incorrect nonce validation in evo_eventpost_update_meta, enabling unauthenticated attackers to forge requests to update arbitrary post metadata. It affects all version...
CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
CVE-2022-38067
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin = 1.4.6 at WordPress...
CVE-2022-38067 WordPress Event Calendar – Calendar plugin <= 1.4.6 - Unauthenticated Event Deletion vulnerability
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin = 1.4.6 at WordPress...