CVE-2025-22228 – Apache BCrypt Password Verification Weakness
The following table lists the changes that have been made to the CVE-2025-22228 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by [email protected] Mar. 20, 2025 Action […]
CVE-2025-1766 – Eventin WordPress Plugin Payment Status Tampering Vulnerability
CVE ID : CVE-2025-1766 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘payment_complete’ function in all versions up to, and including, 4.0.24. This […]
CVE-2025-1770 – Eventin WordPress Plugin Local File Inclusion Vulnerability
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the ‘style’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of […]
CVE-2025-1314 – Twitter Feeds – CSRF Vulnerability
CVE ID : CVE-2025-1314 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5. This is due to missing or incorrect nonce validation […]
CVE-2024-13881 – Link My Posts WordPress Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13881 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as […]
CVE-2024-13880 – My Quota WordPress Reflected Cross-Site Scripting
CVE ID : CVE-2024-13880 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. […]
CVE-2024-13878 – SpotBot WordPress Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13878 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Severity: […]
CVE-2024-13877 – Passbeemedia Web Push Notification WordPress Reflected Cross-Site Scripting
CVE ID : CVE-2024-13877 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The Passbeemedia Web Push Notification WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such […]
CVE-2024-13876 – WordPress mEintopf Plugin Reflected Cross-Site Scripting Vulnerability
CVE ID : CVE-2024-13876 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The mEintopf WordPress plugin through 0.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Severity: […]
CVE-2024-13875 – WordPress WP-PManager Reflected Cross-Site Scripting
CVE ID : CVE-2024-13875 Published : March 20, 2025, 6:15 a.m. | 1 hour, 3 minutes ago Description : The WP-PManager WordPress plugin through 1.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Severity: […]