ByteOS Network

themefunction

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2025-52730

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.14% / 34.37%

7 Day CHG+0.09%

Published-14 Aug, 2025 | 10:34

Updated-12 May, 2026 | 00:33

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24.

Vendor-themefunction

Product-WordPress Event Manager, Event Calendar and Booking Plugin

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-52731

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.5||HIGH

EPSS-0.27% / 50.88%

7 Day CHG+0.20%

Published-14 Aug, 2025 | 10:34

Updated-28 Apr, 2026 | 16:13

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24.

Vendor-themefunction

Product-WordPress Event Manager, Event Calendar and Booking Plugin

CWE ID-CWE-862

Missing Authorization

CVE-2025-26739

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.17% / 38.64%

7 Day CHG~0.00%

Published-26 Mar, 2025 | 14:58

Updated-28 Apr, 2026 | 16:11

WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction newseqo allows Stored XSS.This issue affects newseqo: from n/a through 2.1.1.

Vendor-themefunction

Product-newseqo

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')