CVE-2026-7525
- EPSS 0.02%
- Published 14.05.2026 03:27:14
- Last modified 14.05.2026 14:29:01
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This m...
CVE-2026-40308
- EPSS 1.89%
- Published 16.04.2026 21:30:52
- Last modified 28.04.2026 21:15:56
My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing ...
CVE-2026-2355
- EPSS 0.02%
- Published 04.03.2026 11:22:29
- Last modified 22.04.2026 21:26:58
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up to, and including, 3.7.3. This is due to the use of...
CVE-2025-67592
- EPSS 0.03%
- Published 09.12.2025 14:14:17
- Last modified 27.04.2026 18:16:45
Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Calendar: from n/a through <= 3.6.16.