12 matches found
EUVD-2017-18355
Malware in sbrugna...
EUVD-2023-36390
Malicious code in bioql PyPI...
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
CVE-2022-46859
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1...
CVE-2022-46859 WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1...
CVE-2023-32122 WordPress Spiffy Calendar Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Spiffy Plugins Spiffy Calendar plugin = 4.9.3 versions...
CVE-2023-32122
The CVE-2023-32122 issue affects the WordPress Spiffy Calendar plugin, with versions ≤ 4.9.3 vulnerable to unauthenticated, reflected Cross-Site Scripting (XSS) via a page parameter. The root cause is an XSS flaw that can be triggered without authentication, as documented in multiple sources. A f...
CVE-2022-29434
Insecure Direct Object References IDOR vulnerability in Spiffy Plugins Spiffy Calendar = 4.9.0 at WordPress allows an attacker to edit or delete events...
WordPress plugin Spiffy Calendar 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Spiffy Calendar plugin 4.9.0 and earlier versions are vulnerable to an insecure direct object...
CVE-2022-29434
Insecure Direct Object References IDOR vulnerability in Spiffy Plugins Spiffy Calendar = 4.9.0 at WordPress allows an attacker to edit or delete events...
WordPress Spiffy Calendar plugin <= 4.9.0 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Reflected Cross-Site Scripting XSS vulnerabilities discovered in WordPress Spiffy Calendar plugin versions = 4.9.0 by Ex.Mi Patchstack. Solution Update the WordPress Spiffy Calendar plugin to the latest available version at least 4.9.1...
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...