cleantalk
Vulnerabilities and Security Researches

Community Events, CVE-2025-14029

CVE, Research URL

CVE-2025-14029

Home page URL

Security reports for Community Events

Application

Community Events

Published on
Jan 17, 2026
Research Description
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval() function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to approve arbitrary events via the 'eventlist' parameter.
Affected versions
max 1.5.7.
Status
vulnerable
Previous vulnerability researches
Community Events (CVE-2025-12646) , Dec 11, 2025
Community Events (CVE-2025-11995) , Nov 11, 2025
Community Events (CVE-2025-10586) , Nov 11, 2025
Community Events (CVE-2025-10587) , Nov 11, 2025
Community Events (CVE-2025-14029) , Jan 27, 2026
New vulnerability
CodeColorer (CVE-2026-4032) , Apr 17, 2026
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026