| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 4.3 | 2026-04-14 07:43:04 | Deep Dive |
| CVE-2025-14657 | Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2026-01-09 07:22:13 | Deep Dive |
| CVE-2025-7813 | Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 7.2 | 2025-08-23 05:48:20 | Deep Dive |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | Medium | 6.5 | 2025-08-14 10:34:02 | Deep Dive |
| CVE-2025-52731 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability | themefunction | WordPress Event Manager, Event Calendar and Booking Plugin | High | 7.5 | 2025-08-14 10:34:01 | Deep Dive |
| CVE-2025-4796 | Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | High | 8.8 | 2025-08-08 18:26:27 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8671 | WooEvents <= 4.1.2 - Unauthenticated Arbitrary File Overwrite | Ex-Themes | WooEvents - Calendar and Event Booking | Critical | 9.1 | 2024-09-24 03:06:38 | Deep Dive |
| CVE-2024-8432 | Appointment & Event Booking Calendar Plugin – Webba Booking <= 5.0.48 - Missing Authorization to Authenticated (Subscriber+) CSS Settings Update | webba-agency | Easy Appointment Booking & Scheduling System – Webba Booking Calendar | Medium | 4.3 | 2024-09-24 01:56:45 | Deep Dive |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) | WebbaPlugins | Appointment & Event Booking Calendar Plugin – Webba Booking | Medium | 4.3 | 2023-12-29 12:23:41 | Deep Dive |
| CVE-2023-3558 | GZ Scripts Event Booking Calendar load.php cross site scripting | GZ Scripts | Event Booking Calendar | Low | 3.5 | 2023-07-08 14:00:05 | Deep Dive |
| CVE-2023-27918 | WordPress plugin Appointment and Event Booking Calendar for WordPress Cross-Site Scripting Vulnerability | TMS | Appointment and Event Booking Calendar for WordPress - Amelia | Medium | - | 2023-05-10 00:00:00 | Deep Dive |