Jw Calendar
by Jw Calendar
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-47609 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2023 | SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. | ||
| CVE-2026-2355 | Med | 0.42 | 6.4 | 0.00 | Mar 4, 2026 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on… | ||
| CVE-2026-7525 | Med | 0.21 | 4.3 | 0.00 | May 14, 2026 | The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for… | ||
| CVE-2004-1400 | 0.04 | — | 0.07 | Dec 31, 2004 | The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp. | |||
| CVE-2008-6319 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||
| CVE-2010-4953 | 0.00 | — | 0.03 | Oct 9, 2011 | Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
- risk 0.42cvss 6.4epss 0.00
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on…
- risk 0.21cvss 4.3epss 0.00
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…
- CVE-2004-1400Dec 31, 2004risk 0.04cvss —epss 0.07
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
- CVE-2008-6319Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
- CVE-2010-4953Oct 9, 2011risk 0.00cvss —epss 0.03
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.