| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | latepoint | LatePoint – Calendar Booking Plugin for Appointments and Events | Medium | 5.3 | 2025-05-14 11:12:26 | Deep Dive |
| CVE-2025-3419 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.5 | 2025-05-08 05:22:51 | Deep Dive |
| CVE-2025-32597 | WordPress WordPress Events Calendar Plugin – connectDaily plugin <= 1.5.4 - CSRF to Cross-Site Scripting vulnerability | George Sexton | WordPress Events Calendar Plugin – connectDaily | High | 7.1 | 2025-04-09 16:09:30 | Deep Dive |
| CVE-2025-32174 | WordPress Tockify Events Calendar plugin <= 2.2.13 - Cross Site Scripting (XSS) vulnerability | Tockify | Tockify Events Calendar | Medium | 6.5 | 2025-04-04 15:58:54 | Deep Dive |
| CVE-2025-31572 | WordPress Multi Days Events and Multi Events in One Day Calendar plugin <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability | v20202020 | Multi Days Events and Multi Events in One Day Calendar | Medium | 4.3 | 2025-03-31 12:55:21 | Deep Dive |
| CVE-2025-2578 | Booking for Appointments and Events Calendar – Amelia <= 1.2.19 - Unauthenticated Full Path Disclosure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2025-03-28 07:33:04 | Deep Dive |
| CVE-2025-22497 | WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability | bramwaas | Simple Google Calendar Outlook Events Block Widget | Medium | 6.5 | 2025-03-27 15:31:34 | Deep Dive |
| CVE-2025-26536 | WordPress Another Events Calendar Plugin <= 1.7.0 - Reflected Cross Site Scripting (XSS) vulnerability | Yendif Player | Another Events Calendar | High | 7.1 | 2025-03-26 14:24:18 | Deep Dive |
| CVE-2024-10703 | Registrations for The Events Calendar < 2.13.4 - Admin+ Stored XSS | Unknown | Registrations for the Events Calendar | 中危 | - | 2025-03-25 06:00:10 | Deep Dive |
| CVE-2025-1766 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 5.3 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2025-1770 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-03-20 05:22:35 | Deep Dive |
| CVE-2024-13526 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2025-03-07 01:44:54 | Deep Dive |
| CVE-2025-26967 | WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability | Stiofan | Events Calendar for GeoDirectory | High | 8.8 | 2025-03-03 13:30:42 | Deep Dive |
| CVE-2025-1410 | Events Calendar Made Simple – Pie Calendar <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode | apexws | Pie Calendar – Events Calendar Made Simple | Medium | 6.4 | 2025-02-21 08:21:37 | Deep Dive |
| CVE-2024-11260 | Events Manager – Calendar, Bookings, Tickets, and more! <= 6.6.3 - Unauthenticated SQL Injection via Event Status Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | High | 7.5 | 2025-02-21 05:22:32 | Deep Dive |
| CVE-2025-24537 | WordPress The Events Calendar plugin <= 6.7.0 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | The Events Calendar | Medium | 5.4 | 2025-01-27 14:22:15 | Deep Dive |
| CVE-2024-12118 | The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | stellarwp | The Events Calendar | Medium | 6.4 | 2025-01-23 11:13:30 | Deep Dive |
| CVE-2024-37518 | WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability | StellarWP | The Events Calendar | Medium | 4.3 | 2025-01-02 12:01:01 | Deep Dive |
| CVE-2024-12024 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name | metagauss | EventPrime – Events Calendar, Bookings and Tickets | High | 7.2 | 2024-12-17 09:22:42 | Deep Dive |
| CVE-2024-5333 | The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure | Unknown | The Events Calendar | 中危 | - | 2024-12-16 06:00:06 | Deep Dive |