CVE-2025-69135

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

PT-2026-20364

The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress Events Manager plugin <= 7.2.2.2 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by thinnawarth mathuros in WordPress Plugin Events Manager versions = 7.2.2.2...

CVE-2025-58265 WordPress Events Manager – OpenStreetMaps Plugin <= 4.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Stonehenge Creations Events Manager – OpenStreetMaps stonehenge-em-osm allows Stored XSS.This issue affects Events Manager – OpenStreetMaps: from n/a through = 4.2.1...

CVE-2025-58265

CVE-2025-58265 : Stored XSS in WordPress plugin “Events Manager – OpenStreetMaps” (Stonehenge Creations). Affected: Events Manager – OpenStreetMaps, version range up to 4.2.1. Root cause: improper input neutralization during web page generation, enabling authenticated users to inject scripts that...

WordPress The Events Calendar plugin <= 6.15.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions = 6.15.1...

CVE-2025-58862

CVE-2025-58862 affects WordPress WordPress Events Calendar Plugin – connectDaily (versions

CVE-2025-58862 WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Stored XSS.This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through = 1.5...

WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Mika in WordPress Plugin WordPress Events Calendar Plugin – connectDaily versions = 1.5.5...

PT-2025-36201

Name of the Vulnerable Software and Affected Versions: George Sexton WordPress Events Calendar Plugin – connectDaily versions through 1.5.3 Description: The WordPress Events Calendar Plugin – connectDaily contains a cross-site scripting XSS issue due to improper neutralization of input during web...

WordPress plugin WordPress Events Calendar Plugin – connectDaily 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin WordPress Events Calendar...

WordPress Events Addon for Elementor plugin cross-site scripting vulnerability

WordPress Events Addon for Elementor plugin is a plugin designed for Elementor page builder, mainly for creating event websites. The WordPress Events Addon for Elementor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...

CVE-2025-39372

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...

CVE-2025-39372 WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Reflected XSS.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...

CVE-2025-39372

CVE-2025-39372 – Reflected Cross‑Site Scripting in the WordPress Events Calendar Registration & Tickets plugin (versions

CVE-2025-47581

Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...

CVE-2025-47581 WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elbisnero WordPress Events Calendar Registration & Tickets allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0...

WordPress plugin Simple WP Events 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2025-32597

Cross-Site Request Forgery CSRF vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily connect-daily-web-calendar allows Cross-Site Scripting XSS.This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through = 1.5.4...

PT-2025-15799 · WordPress · Wordpress Events Calendar Plugin – Connectdaily

Name of the Vulnerable Software and Affected Versions: WordPress Events Calendar Plugin – connectDaily versions 1.4.8 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Cross-Site Scripting XSS in the WordPress Events Calendar Plugin ...