VYPR

The Events Calendar Pro

by WordPress

CVEs (2)

  • CVE-2024-8016CriAug 30, 2024
    risk 0.59cvss 9.1epss 0.01

    The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with…

  • CVE-2024-1295MedJun 14, 2024
    risk 0.42cvss 6.5epss 0.00

    The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)