PT-2026-20364

The WP Event Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp events' shortcode in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

PT-2026-4071

Name of the Vulnerable Software and Affected Versions Arraytics Eventin versions through 4.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...

CVE-2025-69012 WordPress Event Organiser plugin <= 3.12.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stephen Harris Event Organiser event-organiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Organiser: from n/a through = 3.12.8...

CVE-2025-66083

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 5.0.4...

CVE-2025-62042

CVE-2025-62042 is a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Event post” (event-post) affecting versions up to and including 5.10.3. The issue stems from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. Exploitati...

EUVD-2017-9692

Malware in sbrugna...

EUVD-2025-24788

Malicious code in bioql PyPI...

EUVD-2024-32999

Malicious code in bioql PyPI...

EUVD-2025-24787

Malicious code in bioql PyPI...

CVE-2025-6366

CVE-2025-6366 – The Event List WordPress plugin (versions ≤ 2.0.4) is vulnerable to privilege escalation due to insufficient validation of user capabilities in el_update_profile(). Authenticated users with Subscriber+ can elevate to administrator. Evidence from Wordfence/NVD/CVE records indicates...

CVE-2025-52730

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...

CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...

CVE-2025-52731

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...

CVE-2025-52730

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...

CVE-2025-52731 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through =...

CVE-2025-52730 WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a throug...

CVE-2025-52730

CVE-2025-52730 affects WordPress Event Manager, Event Calendar and Booking Plugin (WordPress Event Manager, Event Calendar and Booking Plugin) versions up to 4.0.24. It is a Stored Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. The CVSS 3.1 base met...

CVE-2025-52731

CVE-2025-52731 affects WordPress WordPress Event Manager, Event Calendar and Booking Plugin (≤ 4.0.24). A Missing Authorization flaw in the plugin’s theme function allows unauthenticated access to delete content (Arbitrary Content Deletion). Public details identify the affected versions and impac...

WordPress plugin WordPress Event Manager, Event Calendar and Booking Plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in th...