Lucene search
K

87 matches found

Nuclei
Nuclei
added 19 hours ago20 views

The Events Calendar < 6.4.0.1 - Cross-site Scripting

The Events Calendar WordPress plugin 6.4.0.1 contains a stored XSS caused by improper sanitization of user-submitted content when rendering views via AJAX, letting attackers execute scripts in the context of the affected site. Exploitation requires user interaction. id: CVE-2024-4180 info: name:...

9.1CVSS6AI score0.01834EPSS
Exploits2References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2025-210229

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS5.7AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.28 views

CVE-2025-69135 WordPress Events Schedule - WordPress Events Calendar Plugin plugin <= 2.7.2 - SQL Injection vulnerability

Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...

8.5CVSS0.00342EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-9807

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

7.5CVSS5.9AI score0.00324EPSS
In wildExploits0References2
Patchstack
Patchstack
added 2026/03/11 8:30 a.m.6 views

WordPress The Events Calendar plugin <= 6.15.17 - Authenticated (Author+) Arbitrary File Read via ajax_create_import vulnerability

Authenticated Author+ Arbitrary File Read via ajaxcreateimport vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin The Events Calendar versions = 6.15.17...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 3:33 a.m.3 views

CVE-2026-3585

The The Events Calendar plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.15.17 via the 'ajaxcreateimport' function. This makes it possible for authenticated attackers, with Author-level access and above, to read the contents of arbitrary files on the...

7.5CVSS6AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24176

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.18 Description The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/26 12:31 a.m.5 views

EUVD-2026-8745

The The Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to an improper capability check on the 'canedit' and 'candelete' function in all versions up to, and including, 6.15.16. This makes it possible for authenticated attackers, with...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/10 9:26 a.m.5 views

CVE-2026-1922

The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ecs-list-events shortcode message attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2026/02/03 2:8 p.m.11 views

CVE-2026-24988

CVE-2026-24988 concerns a Stored XSS in WordPress plugin The Events Calendar Shortcode & Block, affected through version 3.1.1. The root cause is improper input handling during web-page generation (improper neutralization of input), enabling injection of malicious scripts. Multiple sources (Red H...

6.5CVSS5.2AI score0.00127EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/03 7:24 a.m.8 views

WordPress Add infos to the events calendar plugin <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Add infos to the events calendar versions = 1.4.1...

6.4CVSS5.4AI score0.00345EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/20 3:16 p.m.4 views

CVE-2025-15043

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...

5.4CVSS0.00188EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/20 2:26 p.m.17 views

CVE-2025-15043 The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...

5.4CVSS0.00188EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:26 p.m.3 views

CVE-2025-15043

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'startmigration', 'cancelmigration', and 'revertmigration' functions in all versions up to, and including, 6.15.13. This makes it possible for authenticated attackers, with...

5.4CVSS5.3AI score0.00188EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/06 4:36 p.m.5 views

CVE-2025-69348 WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar Countdown Addon: from n/a through = 1.4.15...

4.3CVSS6.6AI score0.00152EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/11 12:0 a.m.2 views

WordPress Plugin The Events Calendar Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin The Events Calendar has an information disclosure vulnerability, the...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2025/11/05 10:15 a.m.7 views

CVE-2025-12192

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...

5.3CVSS0.00249EPSS
Exploits0References2
NVD
NVD
added 2025/11/05 5:15 a.m.16 views

CVE-2025-12197

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

7.5CVSS0.16727EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/11/05 1:33 a.m.7 views

WordPress The Events Calendar plugin <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability

Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure vulnerability discovered by mikemyers in WordPress Plugin The Events Calendar versions = 6.15.9...

5.3CVSS6.6AI score0.00249EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.11 views

PT-2025-45070

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions 6.15.1.1 through 6.15.9 Description The Events Calendar plugin for WordPress is susceptible to a blind SQL injection issue. This is due to inadequate escaping of user-provided input and...

7.5CVSS7.2AI score0.16727EPSS
Exploits1References5
Rows per page
Query Builder