Vulnerabilities > Stellarwp > THE Events Calendar > 6.6.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-27 | CVE-2024-6931 | Cross-site Scripting vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-09-25 | CVE-2024-8275 | SQL Injection vulnerability in Stellarwp the Events Calendar The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |