CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

PT-2025-52535

Name of the Vulnerable Software and Affected Versions Pretty Google Calendar plugin for WordPress versions prior to 2.0.1 Description The Pretty Google Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the pgcal ajax handler...

WordPress plugin Pretty Google Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

EUVD-2024-31356

Malicious code in bioql PyPI...

CVE-2024-33640

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2...

CVE-2024-33640

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2...

CVE-2024-33640

CVE-2024-33640 is a stored XSS in the Pretty Google Calendar WordPress plugin (LBell Pretty Google Calendar) affecting versions up to 1.7.2. Root cause: improper neutralization of user input during web page generation, enabling stored cross-site scripting. Impact per CVSS: low confidentiality, in...

WordPress plugin Pretty Google Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Pretty Google Calendar plugin <= 1.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Pretty Google Calendar versions = 1.7.2...

WordPress Pretty Google Calendar Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Pretty Google Calendar Type Plugin Vulnerable versions = 1.7.2 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33640 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c5ddcc221c Credits LVT-tholv2k Required privilege...

WordPress Pretty Google Calendar Plugin < 1.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Pretty Google Calendar Type Plugin Vulnerable versions 1.6.0 Fixed in 1.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7ad788c3cc06 Credits Unknown Required privilege...