Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar plugin project calendar plugin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
9.8
CVSSv3
CVE-2022-2314
The VR Calendar WordPress plugin up to and including 2.3.2 lets any user execute arbitrary PHP functions on the site.
Vr Calendar Project Vr Calendar
9.8
CVSSv3
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
8.8
CVSSv3
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.
Chronosly-events-calendar Project Chronosly-events-calendar
8.8
CVSSv3
CVE-2023-23813
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
My Calendar Project My Calendar
8.8
CVSSv3
CVE-2022-47427
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
My Calendar Project My Calendar
8.8
CVSSv3
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
8.8
CVSSv3
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the booking_id parameter.
Booking Calendar Project Booking Calendar 8.4.3
1 EDB exploit
8.8
CVSSv3
CVE-2018-5673
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Booking Calendar Project Booking Calendar 2.1.7
7.2
CVSSv3
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »