CVE-2026-1310

CVE-2026-1310 affects the WordPress plugin Simple calendar for Elementor. The vulnerability is due to missing capability checks in the miga_ajax_editor_cal_delete handler (hooked to the miga_editor_cal_delete AJAX action), granting unauthenticated access to delete calendar entries. It impacts all...

CVE-2026-1310

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...

CVE-2026-1310 Simple calendar for Elementor <= 1.6.6 - Missing Authorization to Unauthenticated Arbitrary Calendar Entry Deletion

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...

WordPress plugin Simple Calendar for Elementor has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVE-2023-49151

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6...

EUVD-2025-205756

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through = 3.5.9...

EUVD-2025-12306

Malicious code in bioql PyPI...

EUVD-2023-53156

Malicious code in bioql PyPI...

EUVD-2023-50432

Malicious code in bioql PyPI...

EUVD-2025-13794

Malicious code in bioql PyPI...

CVE-2024-8549

The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject...

CVE-2023-46189

Cross-Site Request Forgery CSRF vulnerability in Simple Calendar – Google Calendar Plugin = 3.2.5 versions...

CVE-2025-47542

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through = 1.6.5...

CVE-2025-47542

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through = 1.6.5...

CVE-2025-47542 WordPress Simple calendar for Elementor plugin <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through = 1.6.5...

CVE-2025-47542

CVE-2025-47542 affects WordPress plugin Simple calendar for Elementor (versions 1.6.5 and earlier). The connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability in this plugin, enabling CSRF attacks that could force a user to perform unwanted actions on behalf of an authenticat...

CVE-2025-47542 WordPress Simple calendar for Elementor <= 1.6.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor allows Cross Site Request Forgery. This issue affects Simple calendar for Elementor: from n/a through 1.6.5...

WordPress plugin Simple calendar for Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-20155 · Elementor · Simple Calendar For Elementor

Name of the Vulnerable Software and Affected Versions: Simple calendar for Elementor versions 1.6.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions 1.6.5 and earlier, update to a...

CVE-2025-46249

Cross-Site Request Forgery CSRF vulnerability in Michael Simple calendar for Elementor simple-calendar-for-elementor allows Cross Site Request Forgery.This issue affects Simple calendar for Elementor: from n/a through = 1.6.4...