Vulnerabilities > Theeventscalendar

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-8016 Deserialization of Untrusted Data vulnerability in Theeventscalendar Events Calendar PRO
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets.
network
low complexity
theeventscalendar CWE-502
7.2
2022-01-17 CVE-2021-25024 Cross-site Scripting vulnerability in Theeventscalendar Eventcalendar
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues.
network
low complexity
theeventscalendar CWE-79
6.1
2022-01-17 CVE-2021-25025 Missing Authorization vulnerability in Theeventscalendar Eventcalendar
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events.
network
low complexity
theeventscalendar CWE-862
4.3