9 matches found
CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...
CVE-2026-1922
CVE-2026-1922 : The Events Calendar Shortcode & Block plugin for WordPress contains a stored XSS vulnerability in the ecs-list-events shortcode, via the message attribute. It affects all versions up to 3.1.2 and arises from insufficient input sanitization and output escaping on user-supplied attr...
CVE-2026-24988
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...
EUVD-2026-5313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brian Hogg The Events Calendar Shortcode & Block the-events-calendar-shortcode allows Stored XSS.This issue affects The Events Calendar Shortcode & Block: from n/a through = 3.1.1...
PT-2026-6235
Name of the Vulnerable Software and Affected Versions The Events Calendar Shortcode & Block versions through 3.1.1 Description The software contains a flaw related to improper input handling during web page creation, specifically a Stored Cross-site Scripting issue. This allows for the injection ...
CVE-2025-9851
CVE-2025-9851 affects the WordPress Appointmind plugin. The vulnerability is a Stored Cross‑Site Scripting via the appointmind_calendar shortcode in all versions up to 4.1.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...
PT-2025-38103
Name of the Vulnerable Software and Affected Versions: Appointmind plugin for WordPress versions up to and including 4.1.0 Description: The Appointmind plugin for WordPress is susceptible to Stored Cross-Site Scripting through the appointmind calendar shortcode. Insufficient input sanitization an...
PT-2025-1856 · WordPress · Yogo Booking
Name of the Vulnerable Software and Affected Versions: YOGO Booking plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the yogo-calenda...
PT-2023-28608 · WordPress · Embedpress
Name of the Vulnerable Software and Affected Versions: EmbedPress plugin for WordPress versions up to, and including, 3.8.2 Description: The issue is related to Stored Cross-Site Scripting via the 'embedpress calendar' shortcode due to insufficient input sanitization and output escaping on...