| CVE-2025-58988 | WordPress My Tickets Plugin <= 2.0.22 - Cross Site Scripting (XSS) Vulnerability | Joe Dolson | My Tickets | Medium | 6.5 | 2025-09-09 16:33:11 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-4796 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-08-08 18:26:27 | Deep Dive |
| CVE-2025-2799 | WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 4.4 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-2800 | WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | High | 7.2 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-6976 | Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-07-09 22:22:48 | Deep Dive |
| CVE-2025-6970 | Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | High | 7.5 | 2025-07-09 22:22:47 | Deep Dive |
| CVE-2025-6975 | Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.1 | 2025-07-09 22:22:47 | Deep Dive |
| CVE-2025-5568 | WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | magepeopleteam | Event Booking Manager for WooCommerce | Medium | 6.4 | 2025-06-07 11:17:51 | Deep Dive |
| CVE-2025-39372 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | High | 7.1 | 2025-05-19 19:38:06 | Deep Dive |
| CVE-2025-47581 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | Critical | 9.8 | 2025-05-19 18:13:45 | Deep Dive |
| CVE-2024-6711 | Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS | Unknown | Event Tickets with Ticket Scanner | - | - | 2025-05-15 20:09:47 | Deep Dive |
| CVE-2025-3419 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.5 | 2025-05-08 05:22:51 | Deep Dive |
| CVE-2025-3761 | My Tickets – Accessible Event Ticketing <= 2.0.16 - Authenticated (Subscriber+) Privilege Escalation | joedolson | My Tickets – Accessible Event Ticketing | High | 8.8 | 2025-04-24 06:57:06 | Deep Dive |
| CVE-2025-30794 | WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability | StellarWP | Event Tickets | High | 7.1 | 2025-04-01 05:31:37 | Deep Dive |
| CVE-2025-1762 | Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF | Unknown | Event Tickets with Ticket Scanner | 中危 | - | 2025-03-28 06:00:04 | Deep Dive |
| CVE-2025-1770 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2025-1766 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 5.3 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2025-03-07 01:44:54 | Deep Dive |
| CVE-2025-1402 | Event Tickets and Registration <= 5.19.1.1 - Missing Authorization to Ticket Deletion | stellarwp | Event Tickets and Registration | Medium | 5.3 | 2025-02-21 11:09:35 | Deep Dive |