Community Events@* Security Vulnerabilities and Issues — Community Events@* CVE List

Lucene search

Community Events ProjectCommunity Events*

5 matches found

CVE•added 2017/09/07 8:29 p.m.•43 views

CVE-2015-3313

SQL injection vulnerability in WordPress Community Events plugin before 1.4.

9.8CVSS9.8AI score0.18463EPSS

CVE•added 2023/03/23 12:15 p.m.•43 views

CVE-2022-44742

Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin

4.8CVSS4.9AI score0.00081EPSS

CVE•added 2021/08/02 11:15 a.m.•39 views

CVE-2021-24496

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in adm...

6.1CVSS6.1AI score0.0021EPSS

CVE•added 2024/07/22 6:15 a.m.•36 views

CVE-2024-6271

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack

5.4CVSS6.5AI score0.00089EPSS

CVE•added 2024/08/05 6:16 a.m.•19 views

CVE-2024-6270

The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS5.4AI score0.0013EPSS