Vulnerabilities

CVE-2026-2429 - Community Events <= 1.5.8 - authenticated (administrator+) sql injection via 'ce_...

2026-03-07 0 views admin
CVE-2026-2429 - Community Events <= 1.5.8 - authenticated (administrator+) sql injection via 'ce_...

CVE ID :CVE-2026-2429 Published : March 7, 2026, 2:16 a.m. | 1 hour, 10 minutes ago Description :The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'ce_venue_name' CSV field in the `on_save_changes_venues` function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a crafted CSV file upload. Severity: 4.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
March 7, 2026
Affected Product: WordPress
Impact: SQL Injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-2429mediumwordpress

More from Vulnerabilities

CVE-2025-14353 - ZIP Code Based Content Protection <= 1.0.2 - unauthenticated sql injection via '...

CVE-2025-14353 - ZIP Code Based Content Protection <= 1.0.2 - unauthenticated sql injection via '...

2026-03-07 0
CVE-2026-1902 - Hammas Calendar <= 1.5.11 - authenticated (contributor+) stored cross-site script...

CVE-2026-1902 - Hammas Calendar <= 1.5.11 - authenticated (contributor+) stored cross-site script...

2026-03-07 0
CVE-2026-1650 - MDJM Event Management <= 1.7.8.1 - missing authorization to unauthenticated arbit...

CVE-2026-1650 - MDJM Event Management <= 1.7.8.1 - missing authorization to unauthenticated arbit...

2026-03-07 0
CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

CVE-2026-2494 - ProfileGrid <= 5.9.8.2 - cross-site request forgery to group membership request a...

2026-03-07 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views