
9 matches found

Cvelist
added 2026/06/15 12:0 p.m. · 33 views

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

8.8 CVSS · 0.0024 EPSS
Exploits: 0 · References: 3
CVE
added 2026/02/10 9:26 a.m. · 22 views

CVE-2026-1922

CVE-2026-1922 : The Events Calendar Shortcode & Block plugin for WordPress contains a stored XSS vulnerability in the ecs-list-events shortcode, via the message attribute. It affects all versions up to 3.1.2 and arises from insufficient input sanitization and output escaping on user-supplied attr...

6.4 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2026/02/03 2:8 p.m. · 2 views

CVE-2026-24988

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...

5.3 AI score · 0.00127 EPSS
Exploits: 0 · References: 2
EUVD
added 2026/02/03 2:8 p.m. · 6 views

EUVD-2026-5313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS. This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...

6.5 CVSS · 5.3 AI score · 0.00127 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/03 12:0 a.m. · 5 views

PT-2026-6235

Name of the Vulnerable Software and Affected Versions: The Events Calendar Shortcode & Block versions through 3.1.1 Description: The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...

6.5 CVSS · 5.4 AI score · 0.00127 EPSS
Exploits: 0 · References: 4
CVE
added 2025/09/17 1:49 a.m. · 25 views

CVE-2025-9851

CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross‑Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...

6.4 CVSS · 4.7 AI score · 0.0018 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/09/17 12:0 a.m. · 7 views

PT-2025-38103

Name of the Vulnerable Software and Affected Versions: Appointmind plugin for WordPress versions up to and including 4.1.0 Description: The Appointmind plugin for WordPress is susceptible to Stored Cross-Site Scripting through the appointmind calendar shortcode. Insufficient input sanitization an...

6.4 CVSS · 5 AI score · 0.0018 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2025/01/07 12:0 a.m. · 6 views

PT-2025-1856 · WordPress · Yogo Booking

Name of the Vulnerable Software and Affected Versions: YOGO Booking plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the yogo-calenda...

6.4 CVSS · 6.2 AI score · 0.00327 EPSS
Exploits: 0 · References: 7
Positive Technologies
added 2023/08/10 12:0 a.m. · 6 views

PT-2023-28608 · WordPress · Embedpress

Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to, and including, 3.8.2 Description: The issue is related to Stored Cross-Site Scripting via the 'embedpress calendar' shortcode due to insufficient input sanitization and output escaping on...

6.4 CVSS · 5.7 AI score · 0.00423 EPSS
Exploits: 0 · References: 7