Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-4571
Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.
Vn-calendar Project Vn-calendar
NA
CVE-2005-4008
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote malicious users to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters.
Jax Calendar Jax Calendar 1.34
8.8
CVSSv3
CVE-2022-47427
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
My Calendar Project My Calendar
9.8
CVSSv3
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
6.1
CVSSv3
CVE-2021-34667
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.
Calendar Plugin Project Calendar Plugin
5.4
CVSSv3
CVE-2022-45814
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.
Wp Calendar Project Wp Calendar
7.2
CVSSv3
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
9.8
CVSSv3
CVE-2022-2314
The VR Calendar WordPress plugin up to and including 2.3.2 lets any user execute arbitrary PHP functions on the site.
Vr Calendar Project Vr Calendar
5.4
CVSSv3
CVE-2020-23762
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote malicious users to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
Larsens Calendar Project Larsens Calendar
6.5
CVSSv3
CVE-2022-3852
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated malicious users to delete, and modify ca...
Vr Calendar Project Vr Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »