WordPress Calendar Plugin <= 1.3.2 - CSRF

2013-03-2600:00:00

Charlie Eriksen

patchstack.com

0.002 Low

EPSS

Percentile

52.7%

Because of this vulnerability, the attackers can hijack the authentication of users for requests that add a calendar entry via unspecified vectors.

Solution

           Update the plugin.

CPENameOperatorVersion
calendarle1.3.2

CPE	Name	Operator	Version
	calendar	le	1.3.2

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2698

0.002 Low

EPSS

Percentile

52.7%

Related for PATCHSTACK:CFA7AA6E5DEFA349997DC6ADB3F97983