| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | The Events Calendar | Medium | 5.4 | 2025-01-27 14:22:15 | Deep Dive |
| CVE-2025-24723 | WordPress Booking Calendar Contact Form Plugin <= 1.2.55 - Stored Cross Site Scripting (XSS) vulnerability | codepeople | Booking Calendar Contact Form | Medium | 5.9 | 2025-01-24 17:25:13 | Deep Dive |
| CVE-2024-12118 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | The Events Calendar | Medium | 6.4 | 2025-01-23 11:13:30 | Deep Dive |
| CVE-2025-22719 | WordPress VikAppointments Services Booking Calendar plugin <= 1.2.16 - CSRF to Stored XSS vulnerability | e4jvikwp | VikAppointments Services Booking Calendar | High | 7.1 | 2025-01-21 13:57:35 | Deep Dive |
| CVE-2024-11870 | Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Event Registration Calendar By vcita | Medium | 6.4 | 2025-01-15 07:10:47 | Deep Dive |
| CVE-2024-13323 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-01-14 05:24:39 | Deep Dive |
| CVE-2024-12274 | BookingPress < 1.1.23 - Unauthenticated Export File Download | Unknown | Appointment Booking Calendar Plugin and Scheduling Plugin | 高危 | - | 2025-01-13 06:00:01 | Deep Dive |
| CVE-2024-12077 | Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id' | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.1 | 2025-01-07 07:22:34 | Deep Dive |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | The Events Calendar | Medium | 4.3 | 2025-01-02 12:01:01 | Deep Dive |
| CVE-2024-10856 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection | wpdevart | Booking calendar, Appointment Booking System | Medium | 6.5 | 2024-12-24 11:09:51 | Deep Dive |
| CVE-2024-11726 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection | reputeinfosystems | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | Medium | 6.5 | 2024-12-24 11:09:50 | Deep Dive |
| CVE-2024-12024 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name | metagauss | EventPrime – Events Calendar, Bookings and Tickets | High | 7.2 | 2024-12-17 09:22:42 | Deep Dive |
| CVE-2024-54356 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 5.4 | 2024-12-16 14:14:13 | Deep Dive |
| CVE-2024-5333 | The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure | Unknown | The Events Calendar | 中危 | - | 2024-12-16 06:00:06 | Deep Dive |
| CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | koalendar | Koalendar – Easy Appointment Scheduling & Booking Plugin | Medium | 6.4 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | StellarWP | The Events Calendar | Medium | 5.3 | 2024-12-13 14:23:40 | Deep Dive |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | arraytics | Timetics – Appointment Booking & Scheduling | Medium | 4.3 | 2024-12-13 08:24:52 | Deep Dive |
| CVE-2024-11875 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | hage | Add infos to The Events Calendar | Medium | 6.4 | 2024-12-12 04:23:11 | Deep Dive |
| CVE-2023-23814 | WordPress Calendar Event Multi View plugin <= 1.4.13 - Broken Access Control vulnerability | codepeople | CP Multi View Event Calendar | Low | 3.8 | 2024-12-09 11:31:51 | Deep Dive |
| CVE-2023-24407 | WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Broken Access Control vulnerability | wpdevart | Booking calendar, Appointment Booking System | Medium | 5.0 | 2024-12-09 11:31:40 | Deep Dive |