Vulnerabilities > Theeventscalendar

DATE | CVE | VULNERABILITY TITLE | RISK

2025-01-23 | CVE-2024-12118 | Cross-site Scripting vulnerability in Theeventscalendar the Events Calendar | 5.4
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the html_tag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping.
Attack vector: network. Attack complexity: low. Vendor: theeventscalendar. Weakness: CWE-79.

2024-08-30 | CVE-2024-8016 | Deserialization of Untrusted Data vulnerability in Theeventscalendar Events Calendar PRO | 7.2
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets.
Attack vector: network. Attack complexity: low. Vendor: theeventscalendar. Weakness: CWE-502.

2022-01-17 | CVE-2021-25024 | Unspecified vulnerability in Theeventscalendar Eventcalendar | 6.1
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues.
Attack vector: network. Attack complexity: low. Vendor: theeventscalendar.

2022-01-17 | CVE-2021-25025 | Unspecified vulnerability in Theeventscalendar Eventcalendar | 4.3
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events.
Attack vector: network. Attack complexity: low. Vendor: theeventscalendar.