Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar plugin project calendar plugin vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-34667
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
Calendar Plugin Project Calendar Plugin
6.5
CVSSv2
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the booking_id parameter.
Booking Calendar Project Booking Calendar 8.4.3
1 EDB exploit
7.5
CVSSv2
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2014-8586
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote malicious users to execute arbitrary SQL commands via the calid parameter.
Cp Multi View Event Calendar Project Cp Multi View Event Calendar 1.0.1
1 EDB exploit
NA
CVE-2022-4115
The Editorial Calendar WordPress plugin prior to 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privi...
Editorial Calendar Project Editorial Calendar
6.5
CVSSv2
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
4.3
CVSSv2
CVE-2019-15713
The my-calendar plugin prior to 3.1.10 for WordPress has XSS.
My Calendar Project My Calendar
NA
CVE-2023-23813
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
My Calendar Project My Calendar
NA
CVE-2022-47427
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
My Calendar Project My Calendar
NA
CVE-2022-45814
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.
Wp Calendar Project Wp Calendar
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »