VYPR

Private Google Calendars

by WordPress

Source repositories

CVEs (2)

  • CVE-2023-52198MedJan 8, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125.

  • CVE-2025-12526MedNov 11, 2025
    risk 0.28cvss 4.3epss 0.00

    The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgc_remove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with…