Vulnerabilities (CVE)

Filtered by vendor Community Events Project Subscribe
Filtered by product Community Events
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6271 1 Community Events Project 1 Community Events 2024-08-01 N/A 5.4 MEDIUM
The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack
CVE-2022-44742 1 Community Events Project 1 Community Events 2024-02-28 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.
CVE-2021-24496 1 Community Events Project 1 Community Events 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
CVE-2015-3313 1 Community Events Project 1 Community Events 2024-02-28 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in WordPress Community Events plugin before 1.4.