CVE-2024-12468
- EPSS 0.63%
- Published 24.12.2024 09:15:06
- Last modified 28.02.2025 23:09:22
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-47321
- EPSS 0.28%
- Published 01.11.2024 15:15:54
- Last modified 12.11.2024 20:29:51
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1.
CVE-2024-44042
- EPSS 0.09%
- Published 06.10.2024 12:15:04
- Last modified 27.02.2025 19:30:33
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS.This issue affects WP Datepicker: from n/a through 2.1.1.
CVE-2024-3895
- EPSS 0.28%
- Published 02.05.2024 17:15:32
- Last modified 27.02.2025 16:24:20
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authent...