Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1123
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possi...
NA
CVE-2024-1124
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authen...
NA
CVE-2024-1125
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenti...
NA
CVE-2024-1320
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This...
NA
CVE-2024-23289
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar informati...
NA
CVE-2024-28097
Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated malicious user to perform security actions in the context of the affected users.
NA
CVE-2024-1760
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() fu...
NA
CVE-2024-1425
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, ...
NA
CVE-2023-48653
Concrete CMS prior to 8.5.14 and 9 prior to 9.2.3 allows Cross Site Request Forgery (CSRF) via ccm/calendar/dialogs/event/delete/submit. An attacker can force an admin to delete events on the site because the event ID is numeric and sequential.
NA
CVE-2024-0855
The Spiffy Calendar WordPress plugin prior to 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »