WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions = 2.4.16...

CVE-2025-58846 WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...

CVE-2025-58846 WordPress WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule Plugin <= 2020.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Dejan Markovic WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule buffer-my-post allows Reflected XSS.This issue affects WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and...

CVE-2025-22523

CVE-2025-22523 affects WordPress Schedule Plugin (

CVE-2025-22523 WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0...

WordPress plugin Schedule SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress Schedule Plugin <= 1.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Schedule versions = 1.0.0...

WordPress Schedule plugin <= 1.0.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Schedule versions = 1.0.0...

CVE-2024-13891 Schedule <= 1.0.0 - Reflected XSS

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13891 Schedule <= 1.0.0 - Reflected XSS

The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VNPT Nguyễn Phương Bắc Patchstack Alliance in WordPress Plugin Timetable and Event Schedule versions = 2.4.13...

CVE-2023-25994 WordPress Publish to Schedule plugin <= 4.4.2 - Cross Site Request Forgery (CSRF) vulnerability

A vulnerability in alexbenfica Publish to Schedule publish-to-schedule.This issue affects Publish to Schedule: from n/a through = 4.4.2...

CVE-2023-26519 WordPress Publish to Schedule Plugin <= 4.5.4 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Alex Benfica Publish to Schedule plugin = 4.5.4 versions...

WordPress WP Conference Schedule plugin < 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Conference Schedule plugin versions 1.1.0. Solution Update the WordPress WP Conference Schedule plugin to the latest available version at least 1.1.0...

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

CVE-2021-24724

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s...