Eventcalendar

Vendor: Theeventscalendar • 2 CVEs

CVEs (2)

| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | 1 Theeventscalendar | 1 Eventcalendar | Jun 17, 2026 | Jan 17, 2022 | N/A (v4) · 4.3 MEDIUM (v3) · 4.0 MEDIUM (v2) | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events. |
| | 1 Theeventscalendar | 1 Eventcalendar | Jun 17, 2026 | Jan 17, 2022 | N/A (v4) · 6.1 MEDIUM (v3) · 4.3 MEDIUM (v2) | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues. |