cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for all-in-one-event-calendar

Jun 06, 2024

Timely All-in-One Events Calendar # CVE-2012-1835

CVE, Research URL

CVE-2012-1835

Date
Aug 15, 2012
Research Description
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
Affected versions
max 1.8.2.
Status
vulnerable
Jun 16, 2026

Timely All-in-One Events Calendar # 0ec61ea96faadfd646a8e5a7c0f9494cb3f06c0c

Date
May 06, 2019
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 2.5.39 (closed)
WordPress All-in-One Event Calendar plugin <= 2.5.38 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress All-in-One Event Calendar plugin (versions <= 2.5.38).
Affected versions
max 2.5.39.
Status
vulnerable

Timely All-in-One Events Calendar # a0fdedfbfa587d3a4153c8daef074ce28f3d31f5

Date
May 15, 2015
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
WordPress All in One Event Calendar Plugin <= 1.9 - SQL Injection
This plugin is prone to a SQL injection vulnerability through multiple parameters of index.php. Update the plugin.
Affected versions
max 1.10.
Status
vulnerable

Timely All-in-One Events Calendar # 7bc5b9f9bd90a552fab6fa68cd3846b7a17b79b1

Date
Apr 11, 2012
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.5 (closed)
WordPress All-in-One Event Calendar Plugin 1.4 - "button_value" Parameter XSS
The "button_value" parameter of the WordPress All-in-One Event Calendar plugin's /wp-content/plugins/all-in-one-event-calendar/app/view/box_publish_button.php is prone to a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible. Update the plugin.
Affected versions
max 1.5.
Status
vulnerable

Timely All-in-One Events Calendar # 2ff8446e-4277-407c-b43d-4146d5e3cfdb

Date
-
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS
The All-in-One Event Calendar WordPress plugin was affected by a wp-admin/post-new.php Multiple Parameter XSS security vulnerability.
Affected versions
max 1.10.
Status
vulnerable

Timely All-in-One Events Calendar # 055e28dbfe067929c5c997fe11a477ef6b36c687

Date
May 04, 2019
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 2.5.39 (closed)
Timely All-in-One Events Calendar <= 2.5.38 - Cross-Site Scripting
The Timely All-in-One Events Calendar plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters related to event input in versions up to, and including, 2.5.38 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 2.5.39.
Status
vulnerable

Timely All-in-One Events Calendar # a557ea43720d1c85c2e19afad6935a524a2e4b0e

Date
Mar 07, 2013
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
All-in-One Events Calendar < 1.10 - SQL Injection
The All-in-One Events Calendar plugin for WordPress is vulnerable to SQL Injection via the “ai1ec_cat_ids”, “ai1ec_post_ids” and “ai1ec_tag_ids” parameters in versions up to, and including, 1.9 due to insufficient escaping of the user-supplied parameters and lack of sufficient preparation of the existing SQL query. This makes it possible for attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.
Affected versions
max 1.10.
Status
vulnerable

Timely All-in-One Events Calendar # 3b37573bcad90b2103dbff78cb2e38672b153b9c

Date
May 15, 2015
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
WordPress All in One Event Calendar Plugin <= 1.9 - XSS
This plugin is prone to a cross-site scripting vulnerability through multiple parameters of wp-admin/post-new.php. Update the plugin.
Affected versions
max 1.10.
Status
vulnerable

Timely All-in-One Events Calendar # 94f37b56-4ca1-4b8f-9511-6125043b4763

Date
-
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 2.5.39 (closed)
All-in-One Event Calendar <= 2.5.38 - Cross-Site Scripting (XSS)
The All-in-One Event Calendar WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.
Affected versions
max 2.5.39.
Status
vulnerable

Timely All-in-One Events Calendar # aeacdda5-6039-4ce7-8b5a-f58a740cf4d1

Date
-
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
All-in-One Event Calendar 1.9 - index.php Multiple Parameter SQL Injection
The All-in-One Event Calendar WordPress plugin was affected by an index.php Multiple Parameter SQL Injection security vulnerability.
Affected versions
max 1.10.
Status
vulnerable

Timely All-in-One Events Calendar # 3658fe123f64cd6ed8675001612f3eb313ef5458

Date
Nov 14, 2013
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.10 (closed)
Timely All-in-One Events Calendar < 1.10 - Cross-Site Scripting
The Timely All-in-One Events Calendar plugin for WordPress is vulnerable to Cross-Site Scripting via several parameters in versions before 1.10 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
Affected versions
max 1.10.
Status
vulnerable