| CVE-2025-15043 | The Events Calendar <= 6.15.13 - Missing Authorization to Authenticated (Subscriber+) Data Migration Control | stellarwp | The Events Calendar | Medium | 5.4 | 2026-01-20 14:26:33 | Deep Dive |
| CVE-2025-14507 | EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2026-01-13 13:49:13 | Deep Dive |
| CVE-2025-14720 | Booking for Appointments and Events Calendar – Amelia <= 1.2.38 - Missing Authorization to Unauthenticated Multiple AJAX Actions | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2026-01-09 06:34:54 | Deep Dive |
| CVE-2025-69352 | WordPress The Events Calendar plugin <= 6.15.12.2 - Broken Access Control vulnerability | StellarWP | The Events Calendar | Medium | 5.4 | 2026-01-06 16:36:41 | Deep Dive |
| CVE-2025-69348 | WordPress The Events Calendar Countdown Addon plugin <= 1.4.15 - Broken Access Control vulnerability | CoolHappy | The Events Calendar Countdown Addon | Medium | 4.3 | 2026-01-06 16:36:40 | Deep Dive |
| CVE-2025-68979 | WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability | SimpleCalendar | Google Calendar Events | Medium | 5.3 | 2025-12-30 10:47:49 | Deep Dive |
| CVE-2025-12976 | Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-12-18 07:20:46 | Deep Dive |
| CVE-2025-12408 | Events Manager <= 7.2.2.2 - Unauthenticated Information Exposure | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 5.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-12407 | Events Manager – Calendar, Bookings, Tickets, and more! <= 7.2.2.2 - Cross-Site Request Forgery to Location Deletion | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 4.3 | 2025-12-12 11:15:51 | Deep Dive |
| CVE-2025-13756 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution <= 1.9.11 - Authenticated (Subscriber+) Missing Authorization to Calendar Import and Management | techjewel | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | Medium | 4.3 | 2025-12-03 13:52:45 | Deep Dive |
| CVE-2025-12482 | Booking for Appointments and Events Calendar – Amelia <= 1.2.35 - Unauthenticated SQL Injection via search | ameliabooking | Booking for Appointments and Events Calendar – Amelia | High | 7.5 | 2025-11-16 04:17:30 | Deep Dive |
| CVE-2025-12498 | EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2025-11-08 06:39:56 | Deep Dive |
| CVE-2025-12192 | The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure | stellarwp | The Events Calendar | Medium | 5.3 | 2025-11-05 09:27:41 | Deep Dive |
| CVE-2025-12197 | The Events Calendar 6.15.1.1 - 6.15.9 - Unauthenticated SQL Injection via s | stellarwp | The Events Calendar | High | 7.5 | 2025-11-05 04:36:59 | Deep Dive |
| CVE-2025-12175 | The Events Calendar <= 6.15.9 - Missing Authorization to Authenticated (Subscriber+) Draft Event Title/QR Code Exposure | stellarwp | The Events Calendar | Medium | 4.3 | 2025-10-31 08:25:55 | Deep Dive |
| CVE-2025-7052 | LatePoint <= 5.1.94 - Cross-Site Request Forgery to Account Takeover via change_password() Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.8 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-7038 | LatePoint <= 5.1.94 - Unauthenticated Authentication Bypass via load_step Function | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | High | 8.2 | 2025-09-30 04:27:08 | Deep Dive |
| CVE-2025-6941 | LatePoint <= 5.1.94 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 6.4 | 2025-09-30 04:27:07 | Deep Dive |
| CVE-2025-6815 | LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.5 | 2025-09-30 04:27:06 | Deep Dive |
| CVE-2025-9808 | The Events Calendar <= 6.15.2 - Missing Authorization to Unauthenticated Password-Protected Information Disclosure | stellarwp | The Events Calendar | Medium | 5.3 | 2025-09-16 05:25:26 | Deep Dive |