58 matches found
WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page. id: CVE-2012-4242 info: name: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting author:...
CVE-2023-50842
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar. This issue affects MF Gig Calendar: from n/a through 1.2.1...
EUVD-2012-4186
Malware in sbrugna...
EUVD-2023-41797
Malicious code in bioql PyPI...
EUVD-2023-55575
Malicious code in bioql PyPI...
EUVD-2024-31367
Malicious code in bioql PyPI...
CVE-2023-37970
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions...
CVE-2021-24510
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue...
BIT-WORDPRESS-2024-3756
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack...
BIT-WORDPRESS-MULTISITE-2024-3755
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress MF Gig Calendar plugin <= 1.2.1 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin MF Gig Calendar (versions <= 1.2.1)...
CVE-2024-3755
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-3756
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack...
CVE-2024-3756 MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack...
CVE-2024-3755
CVE-2024-3755 affects MF Gig Calendar for WordPress up to version 1.2.1. The root cause is that the plugin does not sanitize/escape certain settings, enabling a stored XSS when a high-privilege user (e.g., Editor) interacts with the plugin, even if unfiltered_html is disallowed (such as in multis...
WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: MF Gig Calendar; Type: Plugin; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3755; Patch priority: Low; CVSS severity: Low (6.5); PSID: 7e70a0913ed9; Credits: Bob Matyas; Required...
WordPress plugin MF Gig Calendar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-27647 · WordPress · Mf Gig Calendar
Name of the Vulnerable Software and Affected Versions: MF Gig Calendar WordPress plugin versions 1.2.1 and earlier. Description: The issue allows high privilege users, such as editors, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for examp...
PT-2024-27658 · WordPress · Mf Gig Calendar
Name of the Vulnerable Software and Affected Versions: MF Gig Calendar WordPress plugin versions 1.2.1 and earlier. Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in Contributors and above delete arbitrary events via a CSRF...