VYPR

Cgm Event Calendar

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-8700HigMay 15, 2025
    risk 0.49cvss 7.5epss 0.00

    The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

  • CVE-2025-31462HigApr 1, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rzfarrell CGM Event Calendar cgm-event-calendar allows Reflected XSS.This issue affects CGM Event Calendar: from n/a through <= 0.8.5.

  • CVE-2021-25024MedJan 17, 2022
    risk 0.40cvss 6.1epss 0.01

    The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

  • CVE-2021-25025MedJan 17, 2022
    risk 0.28cvss 4.3epss 0.00

    The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events