CVE-2022-0418

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed...

EUVD-2017-3654

Malware in sbrugna...

EUVD-2017-18364

Malware in sbrugna...

EUVD-2025-28729

Malicious code in bioql PyPI...

CVE-2025-6366

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...

WordPress plugin Event List 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin Event List...

WordPress Event List plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Event List plugin versions prior to 0.8.8 contain a cross-site scripting vulnerability that stems...

WordPress plugin Event List 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Event List plugin versions prior to 0.8.8 contain a cross-site scripting vulnerability that stems...

WordPress Event List plugin <= 0.8.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Akash Rajendra Patil in WordPress Event List plugin versions = 0.8.6. Solution Deactivate and delete. This plugin has been closed as of January 31, 2022 and is not available for download. Reason: Security Issue...

WordPress Event List Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Event List is one of the event list plugin . A cross-site scripting vulnerability exists in version 0.7.9 of th...

Design/Logic Flaw

The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an eladmincategories deletebulk action...

CVE-2017-12068

The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an eladmincategories deletebulk action...

CVE-2017-12068

The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an eladmincategories deletebulk action...

CVE-2017-12068

The CVE concerns the WordPress Event List plugin version 0.7.9, which contains an XSS flaw in the slug array parameter to wp-admin/admin.php during the el_admin_categories delete_bulk action. This can lead to script execution in contexts that render the affected slug value. The connected document...

WordPress Event List Plugin SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Event List is one of the event list plugin . SQL injection commands exist in version 0.7.8 of the WordPress Eve...

WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Event List = 0.7.8 - SQL Injection Date: 04-06-2017 Exploit Author: Dimitrios Tsagkarakis Website: dtsa.eu Software Link: https://wordpress.org/plugins/event-list/ Version: 0.7.8 CVE : CVE-2017-9429 Category:...

CVE-2017-9429

SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php...

CVE-2017-9429

SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php...

Sql injection

SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php...