| CVE-2025-9346 | Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevelop | Booking Calendar | Medium | 6.4 | 2025-08-28 03:42:45 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-54677 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita Plugin <= 4.5.3 - Arbitrary File Upload Vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Critical | 9.1 | 2025-08-20 08:02:52 | Deep Dive |
| CVE-2025-8293 | Intl DateTime Calendar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter | Theerawat Patthawee | Intl DateTime Calendar | Medium | 6.4 | 2025-08-16 03:38:53 | Deep Dive |
| CVE-2025-8091 | EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure | ashanjay | EventON – Events Calendar | Medium | 4.3 | 2025-08-15 08:25:39 | Deep Dive |
| CVE-2025-54676 | WordPress Online Booking & Scheduling Calendar for by vcita Plugin plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability | vcita | Online Booking & Scheduling Calendar for WordPress by vcita | Medium | 6.5 | 2025-08-14 10:34:42 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | High | 7.5 | 2025-08-14 10:34:01 | Deep Dive |
| CVE-2025-4796 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-08-08 18:26:27 | Deep Dive |
| CVE-2025-52133 | XWiki Contrib Mocca Calendar Application 跨站脚本漏洞 | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-52132 | XWiki Contrib Mocca Calendar Application 跨站脚本漏洞 | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-52131 | XWiki Contrib Mocca Calendar Application 跨站脚本漏洞 | xwiki-contrib | Mocca Calendar | Medium | 6.4 | 2025-08-03 00:00:00 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System | Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-26855 | Extension - joomcar.net - SQL injection in Articles Calendar 1.0.0 - 1.0.1.0007 for Joomla | joomcar.net | Articles Calendar extension for Joomla | 中危 | - | 2025-07-18 07:38:32 | Deep Dive |
| CVE-2025-2799 | WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 4.4 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2025-2800 | WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | High | 7.2 | 2025-07-16 05:23:51 | Deep Dive |
| CVE-2021-4458 | Modern Events Calendar Lite <= 6.3.0 - Unauthenticated SQL Injection | webnus/ | Modern Events Calendar Lite | Medium | 5.9 | 2025-07-12 11:23:39 | Deep Dive |
| CVE-2025-6976 | Events Manager <= 7.0.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Plugin Shortcodes | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.4 | 2025-07-09 22:22:48 | Deep Dive |
| CVE-2025-6970 | Events Manager <= 7.0.3 - Unauthenticated SQL Injection via `orderby` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | High | 7.5 | 2025-07-09 22:22:47 | Deep Dive |
| CVE-2025-6975 | Event Manager <= 7.0.3 - Reflected Cross-Site Scripting via `calendar_header` Parameter | netweblogic | Events Manager – Calendar, Bookings, Tickets, and more! | Medium | 6.1 | 2025-07-09 22:22:47 | Deep Dive |