CVE-2025-46228
- EPSS 0.02%
- Veröffentlicht 22.04.2025 09:53:21
- Zuletzt bearbeitet 30.04.2025 16:35:49
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.
CVE-2024-10186
- EPSS 0.08%
- Veröffentlicht 06.11.2024 13:15:03
- Zuletzt bearbeitet 08.11.2024 19:21:48
The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's events_cal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes....
CVE-2024-1376
- EPSS 0.12%
- Veröffentlicht 24.05.2024 07:15:10
- Zuletzt bearbeitet 04.04.2025 18:08:49
The Event post plugin for WordPress is vulnerable to unauthorized bulk metadata update due to a missing capability check on the save_bulkdatas function in all versions up to, and including, 5.9.4. This makes it possible for authenticated attackers, w...
CVE-2023-49179
- EPSS 0.18%
- Veröffentlicht 15.12.2023 15:15:09
- Zuletzt bearbeitet 21.11.2024 08:32:59
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Event post allows Stored XSS.This issue affects Event post: from n/a through 5.8.6.