CVE-2026-40308P2HIGHCVSS 8.8PoCfixed in 3.7.72026-04-16
CVE-2026-40308 [HIGH] CWE-639 CVE-2026-40308: My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary parameters including a site value. On WordPress Multisite installations, this en
ghsanvd