1.3.3

DATE	CVE	VULNERABILITY TITLE	RISK
2024-07-22	CVE-2024-6271	Cross-Site Request Forgery (CSRF) vulnerability in Community Events Project Community Events The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack network low complexity community-events-project CWE-352	5.4
2023-03-23	CVE-2022-44742	Cross-site Scripting vulnerability in Community Events Project Community Events Auth. network low complexity community-events-project CWE-79	4.8
2021-08-02	CVE-2021-24496	Cross-site Scripting vulnerability in Community Events Project Community Events The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator network community-events-project CWE-79	4.3
2017-09-07	CVE-2015-3313	SQL Injection vulnerability in Community Events Project Community Events SQL injection vulnerability in WordPress Community Events plugin before 1.4. network low complexity community-events-project CWE-89	7.5