Filtered by vendor Community Events Project
Subscriptions
Filtered by product Community Events
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3313 | 1 Community Events Project | 1 Community Events | 2024-08-06 | N/A |
| SQL injection vulnerability in WordPress Community Events plugin before 1.4. | ||||
| CVE-2024-6270 | 1 Community Events Project | 1 Community Events | 2024-08-05 | 4.8 Medium |
| The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2021-24496 | 1 Community Events Project | 1 Community Events | 2024-08-03 | 6.1 Medium |
| The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | ||||
| CVE-2022-44742 | 1 Community Events Project | 1 Community Events | 2024-08-03 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. | ||||
| CVE-2024-6271 | 1 Community Events Project | 1 Community Events | 2024-08-01 | 5.4 Medium |
| The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack | ||||
Page 1 of 1.