Vr Calendar Project Vr Calendar vulnerabilities
3 known vulnerabilities affecting vr_calendar_project/vr_calendar.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-2314P1CRITICALCVSS 9.8ExploitedPoC≤ 2.3.22022-08-15
CVE-2022-2314 [CRITICAL] CWE-78 CVE-2022-2314: The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
nvd
CVE-2022-3852P4MEDIUMCVSS 6.5fixed in 2.3.42022-11-03
CVE-2022-3852 [MEDIUM] CWE-352 CVE-2022-3852: The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to,
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can tric
nvd
CVE-2025-5936P4MEDIUMCVSS 4.3≤ 2.4.72025-06-27
CVE-2025-5936 [MEDIUM] CWE-352 CVE-2025-5936: The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrato
nvd