Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2023-48744
- EPSS 0.12%
- Veröffentlicht 30.11.2023 13:15:09
- Zuletzt bearbeitet 21.11.2024 08:32:21
Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.
4.8
CVE-2021-24604
- EPSS 0.23%
- Veröffentlicht 20.09.2021 10:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:23
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks ...
8.8
CVE-2021-24606
- EPSS 0.53%
- Veröffentlicht 20.09.2021 10:15:08
- Zuletzt bearbeitet 21.11.2024 05:53:23
The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/...
1