6 matches found
VulnCheck KEV: CVE-2025-9807
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2019-15109
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribepaged URL parameter...
CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
WordPress Subscriber Addons for The Events Calendar Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
Software Subscriber Addons for The Events Calendar Type Plugin Vulnerable versions = 5.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID faec0e8594b3 Credits Rafie...
WordPress Slider Addons for The Events Calendar plugin < 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Slider Addons for The Events Calendar plugin versions 1.0.1. Solution Update the WordPress Slider Addons for The Events Calendar plugin to the latest available version at least 1.0.1...
WordPress The Events Calendar Plugin < 4.8.2 XSS Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...