CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

88 matches found

RedhatCVE•added 2026/03/08 1:44 a.m.•3 views

CVE-2026-2429

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References1

EUVD•added 2026/03/07 3:30 a.m.•3 views

EUVD-2026-10099

4.9CVSS5.8AI score0.00035EPSS

Exploits0References5

Patchstack•added 2026/03/07 1:23 a.m.•3 views

WordPress Community Events plugin <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field vulnerability

Authenticated Administrator+ SQL Injection via 'cevenuename' CSV Field vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.8...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/03/07 1:21 a.m.•0 views

CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

4.9CVSS5.8AI score0.00035EPSS

Exploits0References4

Cvelist•added 2026/03/07 1:21 a.m.•23 views

CVE-2026-2429 Community Events <= 1.5.8 - Authenticated (Administrator+) SQL Injection via 'ce_venue_name' CSV Field

4.9CVSS0.00035EPSS

Exploits0References4

ATTACKERKB•added 2026/03/07 1:21 a.m.•1 views

CVE-2026-2429

4.9CVSS5.8AI score0.00035EPSS

Exploits0References5

Positive Technologies•added 2026/03/07 12:0 a.m.•1 views

PT-2026-23814

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce venue name' CSV field in the on save changes venues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on t...

4.9CVSS5.8AI score0.00035EPSS

Exploits0References5

RedhatCVE•added 2026/02/19 1:28 p.m.•3 views

CVE-2026-1649

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cevenuename' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS5.7AI score0.00014EPSS

Exploits0References1

NVD•added 2026/02/18 9:15 a.m.•2 views

CVE-2026-1649

4.4CVSS0.00014EPSS

Exploits0References5

Cvelist•added 2026/02/18 8:26 a.m.•29 views

CVE-2026-1649 Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter

4.4CVSS0.00014EPSS

Exploits0References5

ATTACKERKB•added 2026/02/18 8:26 a.m.•3 views

CVE-2026-1649

4.4CVSS5.7AI score0.00014EPSS

Exploits0References6

Vulnrichment•added 2026/02/18 8:26 a.m.•3 views

CVE-2026-1649 Community Events <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter

4.4CVSS5.7AI score0.00014EPSS

Exploits0References5

Positive Technologies•added 2026/02/18 12:0 a.m.•2 views

PT-2026-20362

The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce venue name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.7AI score0.00014EPSS

Exploits0References6

CNVD•added 2025/10/15 12:0 a.m.•2 views

WordPress Community Events plugin SQL Injection Vulnerability

The WordPress Community Events plugin is a plugin that allows users to publish event information independently through a website form, while administrators can retain the right to final review of calendar content. WordPress Community Events plugin suffers from a SQL injection vulnerability that...

9.8CVSS7.7AI score0.0005EPSS

Exploits0References1

RedhatCVE•added 2025/10/10 1:57 a.m.•4 views

CVE-2025-10586

The Community Events plugin for WordPress is vulnerable to SQL Injection via the ‘eventvenue’ parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

9.8CVSS6.6AI score0.0005EPSS

Exploits0References1

NVD•added 2025/10/09 2:15 a.m.•5 views

CVE-2025-10586

9.8CVSS0.0005EPSS

Exploits0References4

EUVD•added 2025/10/09 1:48 a.m.•3 views

EUVD-2025-33267

9.8CVSS6.1AI score0.0005EPSS

Exploits0References6

Cvelist•added 2025/10/09 1:48 a.m.•7 views

CVE-2025-10586 Community Events <= 1.5.1 - Unauthenticated SQL Injection

9.8CVSS0.0005EPSS

Exploits0References4

CVE•added 2025/10/09 1:48 a.m.•19 views

CVE-2025-10586

Summary: CVE-2025-10586 affects the WordPress Plugin “Community Events.” The vulnerability is a SQL injection in the event_venue parameter for versions up to and including 1.5.1, caused by insufficient escaping of user input and inadequate preparation of the SQL query. Impact: Authenticated attac...

9.8CVSS6.2AI score0.0005EPSS

Exploits0References4

Vulnrichment•added 2025/10/09 1:48 a.m.•2 views

CVE-2025-10586 Community Events <= 1.5.1 - Unauthenticated SQL Injection

9.8CVSS6.2AI score0.0005EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by