23085 matches found
WordPress Event Tickets < 5.2.2 - Open Redirect
WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can injec...
WordPress RSVP and Event Management <2.7.8 - Missing Authorization
WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...
Online Event Booking and Reservation System 2.3.0 - SQL Injection
Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clic...
ChurchCRM - SQL Injection
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...
Quick Event Manager < 9.7.5 - Cross-Site Scripting
The Quick Event Manager WordPress Plugin, version 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qemajaxcalendar' action. id: CVE-2023-23491 info: name: Quick Event Manager 9.7.5 - Cross-Site Scripting author: ritikchaddha severity: medium...
Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting
Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/adminpages/messages/templates/eemsgadminoverview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2020-26153 info:...
Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export
The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename...
WordPress Spider Calendar <=1.4.9 - SQL Injection
WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the catid parameter in a spiderbigcalendarmonth action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execut...
CVE-2026-15622
creationtimestamp| type| source ---|---|--- 2026-07-14 01:37:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mql32izw6q2t...
CVE-2026-52658
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:06+00:00| seen| https://t.me/GithubRedTeam/92563 2026-07-14 00:00:10+00:00| seen| https://t.me/GithubRedTeam/92563...
GHSA-C2H5-PPV9-7VRQ
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:03+00:00| seen| https://t.me/GithubRedTeam/93198 2026-07-14 01:00:10+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93198...
CVE-2026-15584
creationtimestamp| type| source ---|---|--- 2026-07-13 13:23:46+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116912883381040364 2026-07-13 13:43:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjt5kbc6h25 2026-07-13 16:07:28+00:00| seen|...
GHSA-C7HR-448W-65PX
creationtimestamp| type| source ---|---|--- 2026-07-13 13:00:04+00:00| seen| https://t.me/poxek/6193 2026-07-14 00:00:48+00:00| published-proof-of-concept| https://t.me/poxek/6193...
CVE-2026-57705
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...
CVE-2026-57400
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57705
CVE-2026-57705 affects the WordPress plugin Event Tickets (versions