Lucene search
K
StellarwpThe Events Calendar

9 matches found

CVE
CVE
added 2024/09/25 4:30 a.m.149 views

CVE-2024-8275

The Events Calendar (WordPress plugin) is affected by CVE-2024-8275: an unauthenticated SQL injection via the order parameter in tribe_has_next_event() that affects all versions up to 6.6.4. The issue stems from insufficient escaping of user input and inadequate SQL query preparation, allowing an...

9.8CVSS9.8AI score0.49483EPSS
CVE
CVE
added 2024/12/16 6:0 a.m.115 views

CVE-2024-5333

The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...

5.3CVSS6.5AI score0.01092EPSS
CVE
CVE
added 2025/06/11 12:22 p.m.81 views

CVE-2025-5144

CVE-2025-5144 affects The Events Calendar plugin for WordPress. The issue is a DOM-based Stored Cross-Site Scripting vulnerability via the data-date-* parameters in all versions up to 6.13.2, caused by insufficient input sanitization and output escaping. Exploitation requires authentication at Co...

6.4CVSS5.7AI score0.00218EPSS
CVE
CVE
added 2024/02/05 9:22 p.m.80 views

CVE-2023-6557

CVE-2023-6557 concerns The Events Calendar plugin for WordPress. Affected: The Events Calendar versions up to and including 6.2.8.2. Root cause: a route function hooked into wp_ajax_nopriv_tribe_dropdown allows unauthenticated access, enabling potential exposure of sensitive data such as post tit...

5.3CVSS5.1AI score0.00562EPSS
CVE
CVE
added 2024/06/04 6:0 a.m.60 views

CVE-2024-4180

CVE-2024-4180 affects The Events Calendar WordPress plugin (versions before 6.4.0.1). The issue is an improper sanitization of user-submitted content when rendering certain AJAX views, which enables cross-site scripting (XSS) in the context of the affected site. Affected product and root cause ar...

9.1CVSS7.1AI score0.01834EPSS
Web
CVE
CVE
added 2024/09/27 8:46 a.m.59 views

CVE-2024-6931

The CVE pertains to WordPress The Events Calendar plugin. Affected: The Events Calendar plugin for WordPress, versions up to and including 6.6.3. Root cause: Stored Cross-Site Scripting via the RSVP name field due to insufficient input sanitization and output escaping. Impact: unauthenticated att...

7.2CVSS5.9AI score0.1719EPSS
CVE
CVE
added 2023/12/18 8:7 p.m.56 views

CVE-2023-6203

The CVE concerns The Events Calendar WordPress plugin, specifically versions prior to 6.2.8.1. The vulnerability is an information disclosure where unauthenticated users can read the content of password-protected posts via a crafted request. The root cause is described across multiple sources as ...

7.5CVSS7.5AI score0.00776EPSS
Web
CVE
CVE
added 2019/08/21 11:50 a.m.52 views

CVE-2019-15109

The CVE-2019-15109 entry relates to WordPress plugin The Events Calendar (prior to version 4.8.2) and is caused by an XSS flaw in the tribe_paged URL parameter. Exploitation could enable client-side code execution. Affected software is the Events Calendar plugin for WordPress; vulnerable componen...

6.1CVSS6AI score0.0106EPSS
CVE
CVE
added 2025/05/15 8:7 p.m.31 views

CVE-2024-8493

CVE-2024-8493 links to The Events Calendar WordPress plugin prior to 6.6.4. The issue: settings are not properly sanitised/escaped, allowing Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (notably in multisite). Affected: The Events Calendar plugin

4.8CVSS5.7AI score0.0032EPSS