CVE-2025-12646

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-12646

CVE-2025-12646 concerns the WordPress Community Events plugin, where a SQL Injection vulnerability exists in the dayofyear parameter in all versions up to 1.5.4 due to insufficient escaping and lack of proper query preparation. This allows unauthenticated attackers to append additional SQL into e...

CVE-2025-12646 Community Events <= 1.5.4 - Unauthenticated SQL Injection

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'dayofyear' parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

WordPress plugin Community Events SQL注入漏洞

WordPress Community Events plugin is an event management plugin on the WordPress platform , mainly used to create and display the event calendar , support for AJAX dynamic loading and event submission form features . WordPress Community Events plugin suffers from a SQL injection vulnerability tha...