3 matches found
EUVD-2026-40904
The Event Organiser plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.12.9. This is due to the 'eoevents' shortcode accepting attacker-controlled 'noevents' content and rendering it in event list templates without output escaping. This makes...
CVE-2025-69012 WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...
WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Event Organiser versions = 3.12.8...