CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

PT-2025-27065 · WordPress · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar plugin for WordPress versions prior to 2.4.8 Description: The issue is related to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for...

WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion

Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...

VulnCheck KEV: CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

CVE-2022-3852

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...

Cross site request forgery (csrf)

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...

CVE-2022-3852 VR Calendar <= 2.3.3 - Cross-Site Request Forgery

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...

CVE-2022-3852 VR Calendar <= 2.3.3 - Cross-Site Request Forgery

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...

CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

Design/Logic Flaw

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

PT-2022-15878 · WordPress · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar WordPress plugin versions prior to 2.3.3 Description: The issue allows any user to execute arbitrary PHP functions on the site. This can lead to unauthorized access and potential code execution. Recommendations: For versions prior...