171 matches found
EUVD-2026-36961
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
EUVD-2026-36951
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39532
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
CVE-2026-39512
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...
CVE-2026-39532
The CVE-2026-39532 affects WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...
CVE-2026-39512 WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability
Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...
CVE-2026-39512
WordPress GeoDirectory plugin ≤ 2.8.152 contains an Unauthenticated SQL Injection vulnerability. Affects that plugin version, enabling network-based attacks with no authentication; CVSSv3.1 base score 9.3 (CRITICAL) with high confidentiality impact and low availability impact. Connected sources p...
CVE-2026-11616
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Mitchell in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.28...
CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
CVE-2026-11616
The CVE pertains to the WordPress plugin Events Calendar for GeoDirectory, affected in versions up to and including 2.3.28. The root cause is an ajax_ayi_action() path that applies strip_tags(esc_sql()) without an allow-list to attacker-controlled POST values, forwarding them to update_ayi_data()...
CVE-2026-11616 Events Calendar for GeoDirectory <= 2.3.28 - Authenticated (Subscriber+) Privilege Escalation
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
EUVD-2026-35375
The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...
PT-2026-47711
Name of the Vulnerable Software and Affected Versions The Events Calendar for GeoDirectory plugin for WordPress versions prior to 2.3.29 Description Authenticated attackers with Subscriber-level access or higher can elevate their privileges to Administrator. This occurs because the ajax ayi actio...
WordPress plugin Events Calendar for GeoDirectory 安全漏洞
WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the functionality of WordPress. There is a security vulnerability in the Events Calendar...
CVE-2026-42671
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...
CVE-2026-42671
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...
EUVD-2026-33692
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...
CVE-2026-42671 WordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerability
Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157...