VYPR

Packagist (Composer) package

joedolson/my-calendar

pkg:composer/joedolson/my-calendar

Vulnerabilities (1)

  • CVE-2026-40308HigApr 16, 2026
    affected < 3.7.7fixed 3.7.7

    My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary paramet