CVE-2024-12468
- EPSS 1.41%
- Veröffentlicht 24.12.2024 09:15:06
- Zuletzt bearbeitet 28.02.2025 23:09:22
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2024-47321
- EPSS 0.78%
- Veröffentlicht 01.11.2024 15:15:54
- Zuletzt bearbeitet 01.04.2026 16:18:04
Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1.
CVE-2024-44042
- EPSS 0.21%
- Veröffentlicht 06.10.2024 12:15:04
- Zuletzt bearbeitet 01.04.2026 16:17:56
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker wp-datepicker allows Stored XSS.This issue affects WP Datepicker: from n/a through <= 2.1.1.
CVE-2024-3895
- EPSS 0.28%
- Veröffentlicht 02.05.2024 17:15:32
- Zuletzt bearbeitet 08.04.2026 18:21:36
The WP Datepicker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpdp_add_new_datepicker_ajax() function in all versions up to, and including, 2.1.0. This makes it possible for authent...