A critical vulnerability was discovered in The Events Calendar plugin, affecting versions from 6.15.12 through 6.16.2. This vulnerability, CVE-2026-49772, is an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') issue, which allows for blind SQL injection attacks. The CVSS score for this vulnerability is 9.3, indicating a critical severity level.
MEDIUMLiquid Web / StellarWPCVE published 2026-06-15
CVE-2026-42662 is a MEDIUM severity vulnerability (CVSS Score: 6.5) in the Event Tickets plugin versions <= 5.27.5. The vulnerability is described as an unauthenticated bypass vulnerability. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-42662) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-42662). The vulnerability's details are sourced [truncated]
HIGHLiquid Web / StellarWPCVE published 2026-06-15
CVE-2026-34900 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in GiveWP versions <= 4.14.2. The vulnerability has a CVSS score of 7.1 and was published on {cvePublishedAt}.
HIGHLiquid Web / StellarWPCVE published 2026-06-01