cleantalk
Vulnerabilities and Security Researches

Tockify Events Calendar, CVE-2025-32174

CVE, Research URL

CVE-2025-32174

Home page URL

Security reports for Tockify Events Calendar

Application

Tockify Events Calendar

Published on
Apr 04, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tockify Tockify Events Calendar allows DOM-Based XSS. This issue affects Tockify Events Calendar: from n/a through 2.2.13.
Affected versions
Min -, max 2.2.13.
Status
vulnerable
Previous vulnerability researches
Quiz Cat – WordPress Quiz Plugin (CVE-2025-30877) , Apr 03, 2025
Quiz Cat – WordPress Quiz Plugin (3cd37a00222bc93228b7d749030ad82e41d50b65) , Jun 07, 2024
New vulnerability
Embed Chessboard (CVE-2025-32177) , Apr 06, 2025
teachPress (CVE-2025-32149) , Apr 06, 2025
Easy Query – WP Query Builder (CVE-2025-32120) , Apr 06, 2025
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider (CVE-2025-32152) , Apr 06, 2025
VG WooCarousel (CVE-2025-32153) , Apr 06, 2025