CVE-2026-31049

CVE-2026-31049 affects Hostbill versions 2025-11-24 and 2025-12-01. The issue allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field. Root cause is a vulnerability in how CSV registration data is processed, enabling code execution and privilege e...

WordPress Community Events plugin <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability

Authenticated Administrator+ SQL Injection via 'cevenuename' CSV Field vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.8...

CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

CVE-2026-2429

The CVE-2026-2429 entry concerns the WordPress Community Events plugin. It describes an SQL Injection vulnerability via the ce_venue_name field in the on_save_changes_venues function, affecting all versions up to 1.5.8. The issue stems from insufficient escaping of user-supplied CSV data and inad...

PT-2026-23814

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce venue name' CSV field in the on save changes venues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on t...

CVE-2025-65923

A Stored Cross-Site Scripting XSS vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious JavaScript code into a CSV field, which is then stored in the database and executed whenever the...