VYPR

WP Datepicker

by WordPress

CVEs (2)

  • CVE-2024-3895HigMay 2, 2024
    risk 0.50cvss 8.8epss 0.01

    The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with …

  • CVE-2024-12468Dec 24, 2024
    risk 0.00cvss epss 0.00

    The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for…