CVE-2024-6270
- EPSS 0.27%
- Veröffentlicht 05.08.2024 06:16:41
- Zuletzt bearbeitet 12.06.2025 16:59:44
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...
CVE-2024-6271
- EPSS 0.17%
- Veröffentlicht 22.07.2024 06:15:02
- Zuletzt bearbeitet 21.11.2024 09:49:19
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
CVE-2022-44742
- EPSS 0.11%
- Veröffentlicht 23.03.2023 12:15:12
- Zuletzt bearbeitet 21.11.2024 07:28:24
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.
CVE-2021-24496
- EPSS 0.19%
- Veröffentlicht 02.08.2021 11:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:10
The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which w...
CVE-2015-3313
- EPSS 18.46%
- Veröffentlicht 07.09.2017 20:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
SQL injection vulnerability in WordPress Community Events plugin before 1.4.