15 matches found
CVE-2026-2387
The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...
EUVD-2026-40904
The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...
CVE-2026-2387 Event Organiser <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via eo_events Shortcode
The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...
CVE-2026-2387
The CVE-2026-2387 entry concerns the WordPress Event Organiser plugin (versions up to and including 3.12.9). The vulnerability is a Stored Cross-Site Scripting flaw in the eo_events shortcode: attacker-controlled no_events content is rendered in event list templates without output escaping, allow...
WordPress Event Organiser plugin <= 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Event Organiser versions = 3.12.9...
CVE-2025-69012
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
EUVD-2025-205732
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
CVE-2025-69012
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
CVE-2025-69012 WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
CVE-2025-69012 WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
CVE-2025-69012
Technical details for CVE-2025-69012 are not provided in the supplied documents. Monitor for updates from vendors or vulnerability databases.
WordPress plugin Event Organiser 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-53893
Name of the Vulnerable Software and Affected Versions Stephen Harris Event Organiser event-organiser versions through 3.12.8 Description An issue exists in Stephen Harris Event Organiser event-organiser related to incorrectly configured access control security levels, potentially allowing...
WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Event Organiser versions = 3.12.8...
Facebook scams: Bad ads, bogus grants, and fake tickets lurk on social media giant
We recently highlighted new steps Instagram is taking to try and clamp down on scammers sending fake messages on their platform. It turns out, other social media giants are walking a similar path for a variety of bogus ads and other attacks. Facebook scams in particular have taken off, despite th...