CVE-2025-14548
- EPSS 0.05%
- Veröffentlicht 23.12.2025 09:20:00
- Zuletzt bearbeitet 23.12.2025 14:51:52
The Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'event_desc' parameter in all versions up to, and including, 1.3.16 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
CVE-2024-2831
- EPSS 0.35%
- Veröffentlicht 02.05.2024 17:15:19
- Zuletzt bearbeitet 21.11.2024 09:10:37
The Calendar plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcodes in all versions up to, and including, 1.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...
CVE-2018-18872
- EPSS 0.18%
- Veröffentlicht 13.05.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:56:47
The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categor...
CVE-2013-2698
- EPSS 0.14%
- Veröffentlicht 27.05.2014 14:55:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.