CVE-2025-12408 Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

CVE-2025-12408

The CVE-2025-12408 entry pertains to the WordPress plugin “Events Manager” (Calendar, Bookings, Tickets, and more). Description: Information Exposure via an under-restricted get_location operation that affects all versions up to and including 7.2.2.2. Root cause: insufficient access restrictions ...

CVE-2025-12408 Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'getlocation' action due to insufficient restrictions on which locations can be included. This makes it possible for...

PT-2025-50921

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 7.2.2.2 via the 'get location' action due to insufficient restrictions on which locations can be included. This makes it possible for...

CVE-2025-13558

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...

CVE-2025-13558

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...

EUVD-2025-197993

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajaxpmwgetproductids function due to insufficient restrictions on which products can be...

CVE-2025-12545

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajaxpmwgetproductids function due to insufficient restrictions on which products can be...

CVE-2025-12545

CVE-2025-12545 affects the Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more WordPress plugin. The vulnerability is an information exposure in all versions up to 1.49.2 caused by insufficient access restrictions in the ajax_pmw_get_product_ids() function...

CVE-2025-12545 Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajaxpmwgetproductids function due to insufficient restrictions on which products can be...

CVE-2025-12545 Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajaxpmwgetproductids function due to insufficient restrictions on which products can be...

CVE-2025-11454

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

EUVD-2025-124905

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eosscfmduplicatepostasdraft function in all versions up to, and including, 0.5.5 due to insufficient escaping on the user supplied parameter and lack of...

WordPress plugin Specific Content For Mobile – Customize the mobile version without redirections SQL注入漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...

CVE-2025-11377

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

CVE-2025-11377

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

CVE-2025-12175

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tecqrcodemodal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...

CVE-2025-12175 The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tecqrcodemodal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...

EUVD-2025-37314

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tecqrcodemodal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...

CVE-2025-12175 The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tecqrcodemodal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...