Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
calendar plugin project calendar plugin vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2018-5315
The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.
Wp Events Calendar Project Wp Events Calendar 1.0
1 EDB exploit
755
VMScore
CVE-2015-7235
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin prior to 1.1.7 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item pa...
Cp Reservation Calender Project Cp Reservation Calender
1 EDB exploit
755
VMScore
CVE-2014-8586
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote malicious users to execute arbitrary SQL commands via the calid parameter.
Cp Multi View Event Calendar Project Cp Multi View Event Calendar 1.0.1
1 EDB exploit
655
VMScore
CVE-2018-20556
SQL injection vulnerability in Booking Calendar plugin 8.4.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the booking_id parameter.
Booking Calendar Project Booking Calendar 8.4.3
1 EDB exploit
605
VMScore
CVE-2018-5673
An issue exists in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.
Booking Calendar Project Booking Calendar 2.1.7
578
VMScore
CVE-2022-1463
The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site.
Booking Calendar Project Booking Calendar
578
VMScore
CVE-2021-24552
The Simple Events Calendar WordPress plugin up to and including 1.4.0 does not sanitise, validate or escape the event_id POST parameter before using it in a SQL statement when deleting events, leading to an authenticated SQL injection issue
Simple Events Calendar Project Simple Events Calendar
578
VMScore
CVE-2021-24553
The Timeline Calendar WordPress plugin up to and including 1.2 does not sanitise, validate or escape the edit GET parameter before using it in a SQL statement when editing events, leading to an authenticated SQL injection issue. Other SQL Injections are also present in the plugin
Timeline Calendar Project Timeline Calendar
383
VMScore
CVE-2021-25040
The Booking Calendar WordPress plugin prior to 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Booking Calendar Project Booking Calendar
383
VMScore
CVE-2021-24510
The MF Gig Calendar WordPress plugin prior to 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
Mf Gig Calendar Project Mf Gig Calendar
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »