Theeventscalendar Eventcalendar — known CVE vulnerabilities
Every CVE whose affected-product data names Theeventscalendar Eventcalendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-25024 — CVSS 6.1 (medium): The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to…
CVE-2021-25025 — CVSS 4.3 (medium): The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions…