Community Events Project Community Events — known CVE vulnerabilities
Every CVE whose affected-product data names Community Events Project Community Events, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-24496 — CVSS 6.1 (medium): The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET…
CVE-2024-6271 — CVSS 5.4 (medium): The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to…
CVE-2022-44742 — CVSS 4.8 (medium): Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.
CVE-2024-6270 — CVSS 4.8 (medium): The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege…