VYPR

Wp Cal Plugin

by WordPress

CVEs (4)

  • CVE-2008-0490Jan 30, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2023-6529Jan 8, 2024
    risk 0.00cvss epss 0.00

    The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.

  • CVE-2022-2388Aug 22, 2022
    risk 0.00cvss epss 0.00

    The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack

  • CVE-2022-1527May 30, 2022
    risk 0.00cvss epss 0.01

    The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting