VYPR

Calendar

by WordPress

Source repositories

CVEs (6)

  • CVE-2022-2314CriAug 15, 2022
    risk 0.65cvss 9.8epss 0.12

    The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.

  • CVE-2024-2831HigMay 2, 2024
    risk 0.57cvss 8.8epss 0.01

    The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it…

  • CVE-2024-3756HigMay 6, 2024
    risk 0.49cvss 7.5epss 0.00

    The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack

  • CVE-2025-14548MedDec 23, 2025
    risk 0.42cvss 6.4epss 0.00

    The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-3755MedMay 6, 2024
    risk 0.35cvss 5.4epss 0.00

    The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2013-2698May 27, 2014
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.