Innate-Images-Llc Vr Calendar vulnerabilities
2 known vulnerabilities affecting innate-images-llc/vr_calendar.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-3852P4MEDIUMCVSS 6.5≤ 2.3.32022-11-03
CVE-2022-3852 [MEDIUM] CWE-352 CVE-2022-3852: The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can tric
nvd
CVE-2025-5936P4MEDIUMCVSS 4.3≤ 2.4.72025-06-27
CVE-2025-5936 [MEDIUM] CWE-352 CVE-2025-5936: The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrato
nvd