CVE-2026-6854
- EPSS 0.27%
- Veröffentlicht 08.07.2026 11:30:33
- Zuletzt bearbeitet 08.07.2026 14:55:07
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'mc_auth' parameter in all versions up to, and including, 3.7.8 due to insufficient escaping on the user supplied parameter and la...
CVE-2026-11896
- EPSS 0.54%
- Veröffentlicht 02.07.2026 08:33:06
- Zuletzt bearbeitet 02.07.2026 20:17:00
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.14 via the 'vcal' parameter due to missing validation on a user controlled key. This makes it ...
CVE-2026-7525
- EPSS 0.34%
- Veröffentlicht 14.05.2026 03:27:14
- Zuletzt bearbeitet 14.05.2026 14:29:01
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This m...
CVE-2026-40308
- EPSS 0.93%
- Veröffentlicht 16.04.2026 21:30:52
- Zuletzt bearbeitet 28.04.2026 21:15:56
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing ...
CVE-2026-2355
- EPSS 0.28%
- Veröffentlicht 04.03.2026 11:22:29
- Zuletzt bearbeitet 22.04.2026 21:26:58
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of...
CVE-2025-67592
- EPSS 0.16%
- Veröffentlicht 09.12.2025 14:14:17
- Zuletzt bearbeitet 27.04.2026 18:16:45
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Calendar: from n/a through <= 3.6.16.