VYPR

Jw Calendar

by WordPress

CVEs (3)

  • CVE-2026-40308HigApr 16, 2026
    risk 0.57cvss epss 0.01

    My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary…

  • CVE-2026-2355MedMar 4, 2026
    risk 0.42cvss 6.4epss 0.00

    The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on…

  • CVE-2026-7525MedMay 14, 2026
    risk 0.21cvss 4.3epss 0.00

    The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…