| CVE-2024-11260 | Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.3 - Unauthenticated SQL Injection via Event Status Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | High | 7.5 | 2025-02-21 05:22:32 | Deep Dive |
| CVE-2025-0507 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | snexed | Ticketmeo – Sell Tickets – Event Ticketing | Medium | 6.4 | 2025-01-31 04:21:47 | Deep Dive |
| CVE-2024-13457 | Event Tickets <= 5.18.1 - Insecure Direct Object Reference to Sensitive Information Exposure | stellarwp | Event Tickets and Registration | Medium | 5.3 | 2025-01-30 06:41:08 | Deep Dive |
| CVE-2025-22717 | WordPress My Tickets plugin <= 2.0.9 - Broken Access Control vulnerability | Joe Dolson | My Tickets | High | 7.5 | 2025-01-21 13:57:35 | Deep Dive |
| CVE-2024-11396 | Event monster <= 1.4.3 - Information Exposure Via Visitors List Export | awordpresslife | Event Monster – Manager & Ticket Booking | Medium | 5.3 | 2025-01-13 23:21:40 | Deep Dive |
| CVE-2024-38762 | WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | Event Tickets | Medium | 4.3 | 2025-01-02 12:01:06 | Deep Dive |
| CVE-2024-11784 | Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | ticketsource | TicketSource Ticket Shop | Medium | 6.4 | 2024-12-20 06:59:08 | Deep Dive |
| CVE-2024-12024 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name | metagauss | EventPrime – Events Calendar, Bookings and Tickets | High | 7.2 | 2024-12-17 09:22:42 | Deep Dive |
| CVE-2024-9866 | Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | sasonikolov | Event Tickets with Ticket Scanner | Medium | 5.4 | 2024-12-06 08:24:52 | Deep Dive |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting | smub | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | Medium | 6.1 | 2024-11-26 17:32:11 | Deep Dive |
| CVE-2024-52427 | WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability | Vollstart | Event Tickets with Ticket Scanner | Critical | 9.9 | 2024-11-18 14:22:15 | Deep Dive |
| CVE-2024-9864 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:25 | Deep Dive |
| CVE-2024-9865 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:24 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7149 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2024-09-27 13:52:55 | Deep Dive |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2024-09-10 11:30:32 | Deep Dive |
| CVE-2024-6033 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2024-07-17 06:45:08 | Deep Dive |
| CVE-2024-2691 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 6.4 | 2024-07-16 08:32:30 | Deep Dive |
| CVE-2024-5889 | Events Manager <= 6.4.8 - Reflected Cross-Site Scripting | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.1 | 2024-06-29 04:33:29 | Deep Dive |
| CVE-2024-5059 | WordPress Event Monster Plugin <= 1.4.0 - Sensitive Data Exposure vulnerability | A WP Life | Event Management Tickets Booking | Medium | 5.3 | 2024-06-21 13:03:31 | Deep Dive |