VYPR

EventCalendar

by WordPress

CVEs (2)

  • CVE-2021-25024MedJan 17, 2022
    risk 0.40cvss 6.1epss 0.01

    The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

  • CVE-2021-25025MedJan 17, 2022
    risk 0.28cvss 4.3epss 0.00

    The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events