CVE-2025-14548 Calendar <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc'

The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eventdesc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access a...

Sql injection

Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the eventid parameter to 1 addevent.php or 2 del.php or 3 eventdesc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely fro...

Cross site scripting

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-1908

Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the eventdesc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...