Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High1

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2025-08-29

CVE-2025-6366 - Event List Plugin

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their capabilities to those of an administrator.

PLUGIN Event List

CVE-2025-6366

HIGH CVSS 8.8 2025-08-26

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-0418 - Event List Plugin

The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed

PLUGIN Event List

CVE-2022-0418

MEDIUM CVSS 4.8 2022-05-02

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2025-6366 - Event List Plugin

CVE-2022-0418 - Event List Plugin

Company Links

Contact Us