3 matches found
CVE-2022-0418
CVE-2022-0418 relates to the WordPress Event List plugin (versions prior to 0.8.8). The flaw is a stored Cross-Site Scripting (XSS) vulnerability caused by failing to sanitize and escape certain settings, allowing high-privilege users (e.g., admins) to inject JavaScript that can affect other admi...
CVE-2017-9429
The CVE-2017-9429 vulnerability affects the WordPress Event List plugin up to version 0.7.8. The issue is a SQL injection in the id parameter of wp-admin/admin.php, exploitable by an authenticated user to execute arbitrary SQL commands. Evidence across sources (Exploit-DB PoC, PatchStack remediat...
CVE-2017-12068
The CVE concerns the WordPress Event List plugin version 0.7.9, which contains an XSS flaw in the slug array parameter to wp-admin/admin.php during the el_admin_categories delete_bulk action. This can lead to script execution in contexts that render the affected slug value. The connected document...