Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-23762
Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugin Version <= 1.2 for WordPress allows remote malicious users to execute arbitrary web script via the "titel" column on the "Eintrage hinzufugen" tab.
Larsens Calendar Project Larsens Calendar
NA
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
NA
CVE-2022-4115
The Editorial Calendar WordPress plugin prior to 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privi...
Editorial Calendar Project Editorial Calendar
760
VMScore
CVE-2009-3702
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote malicious users to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leverage...
Php-calendar Php-calendar 1.1
2 EDB exploits
578
VMScore
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
NA
CVE-2022-47427
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
My Calendar Project My Calendar
312
VMScore
CVE-2018-3763
In Nextcloud Calendar prior to 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by pr...
Nextcloud Calendar
Nextcloud Calendar 1.6.0
655
VMScore
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the booking_id parameter.
Booking Calendar Project Booking Calendar 8.4.3
1 EDB exploit
312
VMScore
CVE-2018-5670
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.
Booking Calendar Project Booking Calendar 2.1.7
312
VMScore
CVE-2018-5671
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.
Booking Calendar Project Booking Calendar 2.1.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »