VYPR

My Calendar

by WordPress

Source repositories

CVEs (8)

  • CVE-2024-25916MedMar 15, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS.This issue affects My Calendar: from n/a through 3.4.23.

  • CVE-2023-6360Nov 30, 2023
    risk 0.07cvss epss 0.63

    The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.

  • CVE-2024-1274Apr 2, 2024
    risk 0.00cvss epss 0.00

    The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)

  • CVE-2023-23813May 22, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.

  • CVE-2022-47427Mar 15, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

  • CVE-2021-24927Nov 29, 2021
    risk 0.00cvss epss 0.01

    The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

  • CVE-2019-15713Aug 28, 2019
    risk 0.00cvss epss 0.03

    The my-calendar plugin before 3.1.10 for WordPress has XSS.

  • CVE-2012-6527Jan 31, 2013
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.