24 matches found
CVE-2025-12813
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...
CVE-2025-12813
The CVE-2025-12813 entry concerns the WordPress plugin Holiday class post calendar. The vulnerability is an unauthenticated Remote Code Execution (RCE) in all versions up to and including 7.1, caused by unsanitized user input in the contents parameter used to create a cache file. Impact is server...
CVE-2025-12813 Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...
CVE-2025-12813 Holiday class post calendar <= 7.1 - Unauthenticated Remote Code Execution via 'contents'
The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated...
PT-2025-46297
Name of the Vulnerable Software and Affected Versions WordPress Holiday Class Post Calendar plugin versions up to and including 7.1 Description The Holiday Class Post Calendar plugin for WordPress is susceptible to Remote Code Execution via the contents parameter. This occurs because the plugin...
WordPress plugin Holiday class post calendar 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...
EUVD-2025-17183
Malicious code in bioql PyPI...
CVE-2025-29003
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...
CVE-2025-29003
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...
CVE-2025-29003
CVE-2025-29003 : Stored XSS in The Holiday Calendar WordPress plugin. Affected: The Holiday Calendar versions up to 1.18.2.1 (n/a–1.18.2.1). Root cause: Improper neutralization of input during web page generation. Impact: Stored cross‑site scripting could be triggered on affected pages. CVSS v3.1...
CVE-2025-29003 WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...
CVE-2025-29003 WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mva7 The Holiday Calendar the-holiday-calendar allows Stored XSS.This issue affects The Holiday Calendar: from n/a through = 1.18.2.1...
PT-2025-24139 · Unknown · Mva7 The Holiday Calendar
Name of the Vulnerable Software and Affected Versions: mva7 The Holiday Calendar versions n/a through 1.18.2.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in mva7 The Holiday...
WordPress plugin The Holiday Calendar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress The Holiday Calendar plugin <= 1.18.2.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin The Holiday Calendar versions = 1.18.2.1...
WordPress the-holiday-calendar plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. the-holiday-calendar plugin is used in one of the calendar plugin . A cross-site scripting vulnerability exists i...
Cross site scripting
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...
CVE-2015-9270
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...
CVE-2015-9270
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter...
CVE-2015-9270
CVE-2015-9270 corresponds to a cross-site scripting (XSS) vulnerability in the WordPress plugin The Holiday Calendar prior to version 1.11.3, exploitable via the thc-month parameter. Multiple sources (NVD entry and CNVD/CVE mirror, WPVulndb) describe an XSS in this plugin and versions before 1.11...