Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar plugin project calendar plugin vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-10023
A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql in...
Editorial Calendar Project Editorial Calendar
9.8
CVSSv3
CVE-2022-2314
The VR Calendar WordPress plugin up to and including 2.3.2 lets any user execute arbitrary PHP functions on the site.
Vr Calendar Project Vr Calendar
9.8
CVSSv3
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
8.8
CVSSv3
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.
Chronosly-events-calendar Project Chronosly-events-calendar
8.8
CVSSv3
CVE-2023-23813
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.
My Calendar Project My Calendar
8.8
CVSSv3
CVE-2022-47427
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
My Calendar Project My Calendar
8.8
CVSSv3
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
8.8
CVSSv3
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the booking_id parameter.
Booking Calendar Project Booking Calendar 8.4.3
1 EDB exploit
8.8
CVSSv3
CVE-2018-5673
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Booking Calendar Project Booking Calendar 2.1.7
7.2
CVSSv3
CVE-2021-24552
The Simple Events Calendar WordPress plugin up to and including 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue
Simple Events Calendar Project Simple Events Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »