Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:49 p.m.5 views

CVE-2022-2846

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.3CVSS6.5AI score0.02179EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2024/06/03 10:9 p.m.17 views

CVE-2023-28492 WordPress Calendar Event Multi View plugin <= 1.4.10 - Missing Authorization Leading To Feedback Submission vulnerability

Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Functionality Misuse.This issue affects CP Multi View Event Calendar: from n/a through 1.4.10...

4.3CVSS6.9AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 2022/08/16 7:15 p.m.3 views

CVE-2022-2846

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2022/08/16 7:15 p.m.21 views

CVE-2022-2846

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...

4.3CVSS0.02179EPSS
Exploits5References2
CVE
CVE
added 2022/08/16 12:0 a.m.74 views

CVE-2022-2846

The CVE-2022-2846 concerns the Calendar Event Multi View WordPress plugin prior to version 1.4.07. Root cause: missing authorization, CSRF protections, and insufficient sanitisation/escaping in event creation fields. Impact: unauthenticated attackers can create arbitrary events and inject Cross-S...

4.3CVSS4.5AI score0.02179EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/05 12:0 a.m.18 views

Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue. PoC https://www.example.com/?cpmvcid=1doaction=mvparse=editindex=0=1=0=F00=1=999=a%22%3E%3Csvg/%3E%3C%22...

4.3CVSS2.1AI score0.03065EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/07/05 12:0 a.m.478 views

Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue...

4.3CVSS1.8AI score0.03065EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2014/10/26 1:9 p.m.19 views

CP Multi View Event Calendar <= 1.0.1 - SQL Injection

The Calendar Event Multi View WordPress plugin was affected by a SQL Injection security vulnerability...

7.5CVSS2.6AI score0.40085EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder