PT-2025-41329 · WordPress · Wordpress Community Events
Ifoundbug · Published 2025-10-09 · Updated 2025-11-08 · CVE-2025-10586
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WordPress Community Events plugin, versions through 1.5.1
Description: The WordPress Community Events plugin is susceptible to SQL Injection because the event venue parameter is not adequately sanitized. The parameter is interpolated into a database query with insufficient escaping and without proper preparation of the SQL statement, so an authenticated attacker with Subscriber-level access or higher can inject additional SQL into existing queries, potentially extracting sensitive information from the database.
Recommendations: Versions prior to and including 1.5.1 should be updated.
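To illustrate the weakness class the description names, here is an added PHP example that is not the plugin's code: a hypothetical handler that interpolates a venue value into a query, beside the hardened form that uses `$wpdb->prepare`. The table name, function names and the `venue` request parameter are assumptions.

```php
<?php
// Added example, not code from the Community Events plugin. Assumes it runs
// inside WordPress, where the global $wpdb wraps the database connection.
// The table name and function names are hypothetical.

// Vulnerable pattern: the request value is concatenated straight into the SQL
// string, so quote characters in it change the structure of the query. This is
// the "insufficient escaping, no preparation" condition the advisory describes.
function ce_find_events_by_venue_unsafe( $venue ) {
    global $wpdb;
    $table = $wpdb->prefix . 'community_events';
    $sql   = "SELECT id, title FROM {$table} WHERE venue = '{$venue}'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: the statement is built with a %s placeholder and the value
// is passed to $wpdb->prepare, which quotes and escapes it for the database.
function ce_find_events_by_venue_safe( $venue ) {
    global $wpdb;
    $table = $wpdb->prefix . 'community_events';
    $sql   = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE venue = %s",
        $venue
    );
    return $wpdb->get_results( $sql );
}

// Request handler. Input validation narrows what reaches the query, but it is
// not the SQL injection fix: sanitize_text_field() strips tags and control
// characters, not quotes. Only the prepared query above closes the hole.
function ce_handle_venue_search() {
    $venue = isset( $_GET['venue'] )
        ? sanitize_text_field( wp_unslash( $_GET['venue'] ) )
        : '';
    if ( '' === $venue || strlen( $venue ) > 200 ) {
        wp_send_json_error( 'invalid venue', 400 );
    }
    wp_send_json_success( ce_find_events_by_venue_safe( $venue ) );
}
```

When reviewing a plugin for this bug class, grep for `$wpdb->query`, `get_results`, `get_var` and `get_row` calls whose SQL string contains `{$` or `.` concatenation; each such call should be routed through `$wpdb->prepare`.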

Fix

Weakness Enumeration: SQL injection
Related Identifiers: CVE-2025-10586
Affected Products: Wordpress Community Events