Lucene search
K

23085 matches found

Nuclei
Nuclei
added 16 hours ago89 views

WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...

6.1CVSS6.5AI score0.01932EPSS
Exploits2References2
Nuclei
Nuclei
added 16 hours ago88 views

WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting

WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...

6.1CVSS6AI score0.02291EPSS
Exploits2References3
Nuclei
Nuclei
added 16 hours ago61 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3CVSS6.2AI score0.03764EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago89 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.1AI score0.15806EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago45 views

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting

Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clic...

4.3CVSS6.1AI score0.03792EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago14 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7AI score0.02177EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago47 views

Quick Event Manager < 9.7.5 - Cross-Site Scripting

The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...

6.1CVSS6.4AI score0.01179EPSS
Exploits2References4
Nuclei
Nuclei
added 16 hours ago35 views

Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting

Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...

6.1CVSS6.5AI score0.03796EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago48 views

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...

5.3CVSS6.5AI score0.01942EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago50 views

WordPress Spider Calendar <=1.4.9 - SQL Injection

WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...

7.5CVSS6.3AI score0.11182EPSS
Exploits1References4
Circl
Circl
added 22 hours ago4 views

CVE-2026-15622

creationtimestamp| type| source ---|---|--- 2026-07-14 01:37:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mql32izw6q2t...

6.9CVSS6.2AI score
Exploits0References1
Circl
Circl
added yesterday4 views

CVE-2026-52658

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:06+00:00| seen| https://t.me/GithubRedTeam/92563 2026-07-14 00:00:10+00:00| seen| https://t.me/GithubRedTeam/92563...

6.1AI score
Exploits0References1
Circl
Circl
added yesterday4 views

GHSA-C2H5-PPV9-7VRQ

creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:03+00:00| seen| https://t.me/GithubRedTeam/93198 2026-07-14 01:00:10+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93198...

6.1AI score
Exploits0References1
Circl
Circl
added yesterday5 views

CVE-2026-15584

creationtimestamp| type| source ---|---|--- 2026-07-13 13:23:46+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116912883381040364 2026-07-13 13:43:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjt5kbc6h25 2026-07-13 16:07:28+00:00| seen|...

7.5CVSS6.1AI score
Exploits0References4
Circl
Circl
added yesterday5 views

GHSA-C7HR-448W-65PX

creationtimestamp| type| source ---|---|--- 2026-07-13 13:00:04+00:00| seen| https://t.me/poxek/6193 2026-07-14 00:00:48+00:00| published-proof-of-concept| https://t.me/poxek/6193...

6.1AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57705

Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...

7.5CVSS0.00346EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57400

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...

7.5CVSS0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-57705

CVE-2026-57705 affects the WordPress plugin Event Tickets (versions

7.5CVSS6.1AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder