VYPR
Vendor

Jw Calendar

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2023-47609HigNov 14, 2023
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.

  • CVE-2026-2355MedMar 4, 2026
    risk 0.42cvss 6.4epss 0.00

    The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of `stripcslashes()` on…

  • CVE-2026-7525MedMay 14, 2026
    risk 0.21cvss 4.3epss 0.00

    The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for…

  • CVE-2004-1400Dec 31, 2004
    risk 0.04cvss epss 0.07

    The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.

  • CVE-2008-6319Feb 27, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.

  • CVE-2010-4953Oct 9, 2011
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.