| CVE-2025-9807 | The Events Calendar <= 6.15.1 - Unauthenticated SQL Injection | stellarwp | The Events Calendar | High | 7.5 | 2025-09-12 01:46:01 | Deep Dive |
| CVE-2025-5801 | Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter | rejuancse | Digital Events Calendar | Medium | 6.4 | 2025-09-11 07:24:53 | Deep Dive |
| CVE-2025-58862 | WordPress WordPress Events Calendar Plugin – connectDaily Plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | Medium | 6.5 | 2025-09-05 13:45:41 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-8091 | EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure | ashanjay | EventON – Events Calendar | Medium | 4.3 | 2025-08-15 08:25:39 | Deep Dive |
| CVE-2025-4796 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-08-08 18:26:27 | Deep Dive |
| CVE-2025-2799 | WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 4.4 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-2800 | WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | High | 7.2 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2021-4458 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | webnus/ | Modern Events Calendar Lite | Medium | 5.9 | 2025-07-12 11:23:39 | Deep Dive |
| CVE-2025-6976 | Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-07-09 22:22:48 | Deep Dive |
| CVE-2025-6975 | Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.1 | 2025-07-09 22:22:47 | Deep Dive |
| CVE-2025-6970 | Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | High | 7.5 | 2025-07-09 22:22:47 | Deep Dive |
| CVE-2025-5144 | The Events Calendar <= 6.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | stellarwp | The Events Calendar | Medium | 6.4 | 2025-06-11 12:22:52 | Deep Dive |
| CVE-2025-49311 | WordPress The Events Calendar Countdown Addon plugin <= 1.4.9 - Cross Site Scripting (XSS) Vulnerability | CoolHappy | The Events Calendar Countdown Addon | Medium | 6.5 | 2025-06-06 12:53:51 | Deep Dive |
| CVE-2025-5733 | Modern Events Calendar <= 7.21.9 - Information Exposure | webnus/ | Modern Events Calendar Lite | Medium | 5.3 | 2025-06-06 03:41:23 | Deep Dive |
| CVE-2025-39372 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | High | 7.1 | 2025-05-19 19:38:06 | Deep Dive |
| CVE-2025-47581 | WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability | elbisnero | WordPress Events Calendar Registration & Tickets | Critical | 9.8 | 2025-05-19 18:13:45 | Deep Dive |
| CVE-2025-48246 | WordPress The Events Calendar plugin <= 6.11.2.1 - Broken Access Control Vulnerability | StellarWP | The Events Calendar | Medium | 5.4 | 2025-05-19 14:44:55 | Deep Dive |
| CVE-2024-8701 | Event Calendar <= 1.0.4 - Admin+ Stored XSS | Unknown | events-calendar | - | - | 2025-05-15 20:07:18 | Deep Dive |
| CVE-2024-8493 | The Events Calendar < 6.6.4 - Admin+ Stored XSS | Unknown | The Events Calendar | - | - | 2025-05-15 20:07:16 | Deep Dive |