85 matches found
CVE-2025-14029 Community Events <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxadmineventapproval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via t...
PT-2026-3348
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax admin event approval function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events vi...
WordPress Community Events plugin <= 1.5.6 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Community Events versions <= 1.5.6...
WordPress Community Events plugin <= 1.5.1 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by ifoundbug in WordPress Plugin Community Events versions <= 1.5.1...
WordPress AM Events plugin <= 1.13.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Nur Ibnu Hubab in WordPress Plugin AM Events versions <= 1.13.1...
Malicious code in drop-events-on-property-plugin (npm)
Source: amazon-inspector 9ec0ea7d31f1e0fec815bf2b3893bc6e320c5c3e309b43d22130d5af8a52a033 The package drop-events-on-property-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191394 Malicious code in drop-events-on-property-plugin (npm)
Source: amazon-inspector 9ec0ea7d31f1e0fec815bf2b3893bc6e320c5c3e309b43d22130d5af8a52a033 The package drop-events-on-property-plugin was found to contain malicious code. Source: google-open-source-security...
MAL-2025-190946 Malicious code in @posthog/drop-events-on-property-plugin (npm)
Source: amazon-inspector d1dee879dbf8f8819008c31e641e4fec6584690087c6929cba530e9171464cb4 The package @posthog/drop-events-on-property-plugin was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199097
Malicious code in @posthog/drop-events-on-property-plugin npm...
WordPress Community Events plugin SQL Injection Vulnerability
WordPress Community Events plugin is an event management plugin on the WordPress platform, mainly used to create and display the event calendar, with support for AJAX dynamic loading and event submission form features. WordPress Community Events plugin suffers from a SQL injection vulnerability tha...
EUVD-2025-198116
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-12646 Community Events <= 1.5.4 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-11995
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11995 Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting
The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event details parameter in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-11995
The CVE-2025-11995 entry concerns the WordPress Community Events plugin (versions up to and including 1.5.2). The vulnerability is a Stored Cross-Site Scripting (XSS) in the event details parameter caused by insufficient input sanitization and output escaping. It allows unauthenticated attackers ...
WordPress Community Events plugin SQL Injection Vulnerability
The WordPress Community Events plugin is a plugin that allows users to publish event information independently through a website form, while administrators can retain the right to final review of calendar content. WordPress Community Events plugin suffers from a SQL injection vulnerability that...
EUVD-2025-33267
The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘eventvenue’ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10586 Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘eventvenue’ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10587
The Community Events plugin for WordPress is vulnerable to SQL Injection via the eventcategory parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10587
The CVE affects the WordPress Community Events plugin. The vulnerability is an SQL Injection in the event_category parameter present in all versions up to and including 1.5.1, caused by insufficient escaping and inadequate preparation of the SQL query. This allows authenticated attackers with Sub...