20 matches found
CVE-2026-24636
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...
CVE-2026-24636
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...
CVE-2026-24636
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.10.1...
CVE-2026-24636
CVE-2026-24636 describes a Missing Authorization vulnerability in Sugar Calendar (Lite) plugin for WordPress. The issue affects Sugar Calendar (Lite) versions up to and including 3.10.1 and is categorized as broken/incorrect access control (Missing Authorization). Public sources in the connected ...
CVE-2026-24636 WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...
CVE-2026-24636 WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Sugar Calendar Lite sugar-calendar-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sugar Calendar Lite: from n/a through = 3.9.1...
WordPress plugin Sugar Calendar (Lite) has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4466
Name of the Vulnerable Software and Affected Versions Syed Balkhi Sugar Calendar Lite versions through 3.10.1 Description An issue exists in Syed Balkhi Sugar Calendar Lite related to incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations...
WordPress Sugar Calendar (Lite) plugin <= 3.9.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by daroo in WordPress Plugin Sugar Calendar Lite versions = 3.9.1...
EUVD-2024-33181
Malicious code in bioql PyPI...
CVE-2024-10878
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
WordPress Sugar Calendar (Lite) plugin <= 3.3.0 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Sugar Calendar Lite versions = 3.3.0...
CVE-2024-10878
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878 Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting
The Sugar Calendar – Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attacker...
CVE-2024-10878
CVE-2024-10878 affects the WordPress plugin Sugar Calendar – Lite (Sugar Calendar) up to version 3.3.0 . The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper escaping in the URL through the use of add_query_arg and remove_query_arg . This allows unauthenticated attackers...
WordPress Sugar Calendar (Lite) Plugin <= 3.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Sugar Calendar Lite Type Plugin Vulnerable versions = 3.3.0 Fixed in 3.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10878 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8ef7ef64f31f Credits Peter Thaleik...
WordPress plugin Sugar Calendar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16611 · WordPress · Sugar Calendar
Name of the Vulnerable Software and Affected Versions: Sugar Calendar – Simple Event Management plugin for WordPress versions prior to 3.3.0 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without proper escaping on the URL...