| CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter | koalendar | Koalendar – Easy Appointment Scheduling & Booking Plugin | Medium | 6.4 | 2024-12-14 04:23:46 | Deep Dive |
| CVE-2023-35777 | WordPress The Events Calendar plugin <= 6.1.2.2 - Broken Access Control vulnerability | StellarWP | The Events Calendar | Medium | 5.3 | 2024-12-13 14:23:40 | Deep Dive |
| CVE-2024-11875 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | hage | Add infos to The Events Calendar | Medium | 6.4 | 2024-12-12 04:23:11 | Deep Dive |
| CVE-2024-7982 | Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS | Unknown | Registrations for the Events Calendar | 超危 | - | 2024-11-08 06:00:03 | Deep Dive |
| CVE-2024-43143 | WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability | Roundup WP | Registrations for the Events Calendar | Medium | 6.4 | 2024-11-01 14:17:46 | Deep Dive |
| CVE-2024-9864 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:25 | Deep Dive |
| CVE-2024-9865 | EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.1 | 2024-10-24 06:50:24 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-7149 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2024-09-27 13:52:55 | Deep Dive |
| CVE-2024-6931 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting | stellarwp | The Events Calendar | High | 7.2 | 2024-09-27 08:46:25 | Deep Dive |
| CVE-2024-8275 | The Events Calendar <= 6.6.4 - Unauthenticated SQL Injection | stellarwp | The Events Calendar | Critical | 9.8 | 2024-09-25 04:30:29 | Deep Dive |
| CVE-2024-8369 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 5.3 | 2024-09-10 11:30:32 | Deep Dive |
| CVE-2024-6332 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.4 - Missing Authorization to Sensitive Information Exposure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2024-09-05 09:29:49 | Deep Dive |
| CVE-2024-8016 | The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution | theeventscalendar | The Events Calendar Pro | Critical | 9.1 | 2024-08-30 06:52:16 | Deep Dive |
| CVE-2024-39638 | WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability | Roundup WP | Registrations for the Events Calendar | High | 8.5 | 2024-08-29 14:19:56 | Deep Dive |
| CVE-2024-6552 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 5.3 | 2024-08-08 03:30:46 | Deep Dive |
| CVE-2024-6522 | Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery | Webnus | Modern Events Calendar | High | 8.5 | 2024-08-07 11:00:07 | Deep Dive |
| CVE-2024-6033 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2024-07-17 06:45:08 | Deep Dive |
| CVE-2024-2691 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 6.4 | 2024-07-16 08:32:30 | Deep Dive |
| CVE-2024-38716 | WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability | Blue Plugins | Events Calendar for Google | Medium | 6.5 | 2024-07-12 15:14:52 | Deep Dive |