Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 2025/11/12 3:46 a.m.7 views

CVE-2025-12813

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...

9.8CVSS7AI score0.00761EPSS
Exploits0References1
CVE
CVE
added 2025/11/11 3:30 a.m.15 views

CVE-2025-12813

The CVE-2025-12813 entry concerns the WordPress plugin Holiday class post calendar. The vulnerability is an unauthenticated Remote Code Execution (RCE) in all versions up to and including 7.1, caused by unsanitized user input in the contents parameter used to create a cache file. Impact is server...

9.8CVSS6.7AI score0.00761EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.3 views

CVE-2025-12813 Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...

9.8CVSS6.7AI score0.00761EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.6 views

CVE-2025-12813 Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'

The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...

9.8CVSS0.00761EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.9 views

PT-2025-46297

Name of the Vulnerable Software and Affected Versions WordPress Holiday Class Post Calendar plugin versions up to and including 7.1 Description The Holiday Class Post Calendar plugin for WordPress is susceptible to Remote Code Execution via the contents parameter. This occurs because the plugin...

9.8CVSS7.6AI score0.00761EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.3 views

WordPress plugin Holiday class post calendar 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

9.8CVSS8AI score0.00761EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2025-17183

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00215EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.6 views

CVE-2025-29003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.6 views

CVE-2025-29003

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...

6.5CVSS0.00215EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:54 p.m.37 views

CVE-2025-29003

CVE-2025-29003 : Stored XSS in The Holiday Calendar WordPress plugin. Affected: The Holiday Calendar versions up to 1.18.2.1 (n/a–1.18.2.1). Root cause: Improper neutralization of input during web page generation. Impact: Stored cross‑site scripting could be triggered on affected pages. CVSS v3.1...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 12:54 p.m.5 views

CVE-2025-29003 WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...

6.5CVSS5.9AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.13 views

CVE-2025-29003 WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...

6.5CVSS0.00215EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.1 views

PT-2025-24139 · Unknown · Mva7 The Holiday Calendar

Name of the Vulnerable Software and Affected Versions: mva7 The Holiday Calendar versions n/a through 1.18.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in mva7 The Holiday...

6.5CVSS6AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.1 views

WordPress plugin The Holiday Calendar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

6.5CVSS6AI score0.00215EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/06/05 1:29 a.m.8 views

WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin The Holiday Calendar versions = 1.18.2.1...

6.5CVSS6AI score0.00215EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/10/18 12:0 a.m.1 views

WordPress the-holiday-calendar plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. the-holiday-calendar plugin is used in one of the calendar plugin . A cross-site scripting vulnerability exists i...

6.1CVSS5.8AI score0.00986EPSS
Exploits0References1
Prion
Prion
added 2018/10/01 11:29 p.m.7 views

Cross site scripting

XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...

4.3CVSS6.3AI score0.00986EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/10/01 11:29 p.m.12 views

CVE-2015-9270

XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...

6.1CVSS6.1AI score0.00986EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/10/01 11:0 p.m.19 views

CVE-2015-9270

XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...

6.1AI score0.00986EPSS
Exploits0References2
CVE
CVE
added 2018/10/01 11:0 p.m.38 views

CVE-2015-9270

CVE-2015-9270 corresponds to a cross-site scripting (XSS) vulnerability in the WordPress plugin The Holiday Calendar prior to version 1.11.3, exploitable via the thc-month parameter. Multiple sources (NVD entry and CNVD/CVE mirror, WPVulndb) describe an XSS in this plugin and versions before 1.11...

6.1CVSS6AI score0.00986EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder