CVE-2025-46228
- EPSS 0.13%
- Veröffentlicht 22.04.2025 09:53:21
- Zuletzt bearbeitet 01.04.2026 17:23:27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post event-post allows DOM-Based XSS.This issue affects Event post: from n/a through <= 5.9.11.
CVE-2024-10186
- EPSS 0.39%
- Veröffentlicht 06.11.2024 13:15:03
- Zuletzt bearbeitet 08.11.2024 19:21:48
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes....
CVE-2024-1376
- EPSS 0.12%
- Veröffentlicht 24.05.2024 07:15:10
- Zuletzt bearbeitet 08.04.2026 18:20:35
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, w...
CVE-2023-49179
- EPSS 0.18%
- Veröffentlicht 15.12.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:32:59
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.