Joedolson My Calendar vulnerabilities
3 known vulnerabilities affecting joedolson/my_calendar.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2023-6360P1CRITICALCVSS 9.8ExploitedPoCfixed in 3.4.222023-11-30
CVE-2023-6360 [CRITICAL] CWE-89 CVE-2023-6360: The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection
The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.
nvd
CVE-2024-1274P4MEDIUMCVSS 5.4fixed in 3.4.242024-04-02
CVE-2024-1274 [MEDIUM] CWE-79 CVE-2024-1274: The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which c
The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)
nvd
CVE-2012-6527P4LOWCVSS 2.6≤ 1.10.1v1.1.0+50 more2013-01-31
CVE-2012-6527 [LOW] CWE-79 CVE-2012-6527: Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allow
Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd