9 matches found
Organizational Security Resource Estimation Via Vulnerability Queueing
We provide an approach that closely estimates an organization's cyber resources directly from vulnerability timestamps, using a non-stationary queueing framework. Traditional attack-surface metrics operate on static snapshots, ignoring the core attack-defense dynamics within information systems,...
CVE-2013-7480
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas...
CVE-2025-6975
CVE-2025-6975 concerns the WordPress plugin Events Manager – Calendar, Bookings, Tickets, and more! Affected versions up to 7.0.3 are vulnerable to Reflected Cross‑Site Scripting via the calendar_header parameter due to insufficient input sanitization and output escaping. Exploitation requires no...
CVE-2024-38874
An issue was discovered in the events2 aka Events 2 extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference IDOR vulnerability with the potential to activate or delete various events for unauthenticated user...
CVE-2025-47581
Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...
CVE-2024-8493 The Events Calendar < 6.6.4 - Admin+ Stored XSS
The Events Calendar WordPress plugin before 6.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8016
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
CVE-2024-23945
creationtimestamp| type| source ---|---|--- 2024-12-23 15:30:21+00:00| seen| https://infosec.exchange/users/cve/statuses/113702851117565346 2024-12-23 18:20:07+00:00| seen| https://t.me/cvedetector/13542 2024-12-25 05:04:08+00:00| seen|...
CVE-2022-40925
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "saveevent" file of the "Events" module in the background management system...