cleantalk
Vulnerabilities and Security Researches

The Events Calendar, CVE-2019-15109

CVE, Research URL

CVE-2019-15109

Home page URL

Security reports for The Events Calendar

Application

The Events Calendar

Published on
Aug 21, 2019
Research Description
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
Affected versions
max 5.14.0.4.
Status
vulnerable
Previous vulnerability researches
Add infos to the events calendar (CVE-2024-11875) , Dec 13, 2024
Events Search For The Events Calendar (064f04a5db00947ea83e3596cf05df5e81a0431e) , Jun 07, 2024
The Events Calendar Countdown Addon (CVE-2025-49311) , Jun 15, 2025
The Events Calendar Countdown Addon (72efd54c37bb1879f4e964b54e1d1d309c51e9dd) , Jun 06, 2024
Event Single Page Builder For The Event Calendar (7f68072d92eed99e11001a92cee3345a9798f646) , Jun 07, 2024
New vulnerability
FileBird – WordPress Media Library Folders & File Manager (CVE-2025-11510) , Oct 29, 2025
WordPress Webinar Plugin – WebinarPress (CVE-2025-62972) , Oct 29, 2025
Genealogical Tree – WordPress Family Tree (CVE-2025-58023) , Oct 12, 2025
WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click (CVE-2025-57967) , Oct 12, 2025
Mixtape (CVE-2025-9860) , Oct 12, 2025