WordPress Spiffy Calendar plugin <= 5.0.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Spiffy Calendar versions = 5.0.7...

WordPress Spiffy Calendar Missing Authorization Vulnerability

WordPress Spiffy Calendar is a WordPress calendar plugin focused on helping users manage and display events. A lack of authorization vulnerability exists in WordPress Spiffy Calendar, which can be exploited by an attacker to leverage a misconfigured access control security level...

WordPress Spiffy Calendar Plugin <= 4.9.13 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.13 Fixed in 4.9.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-45458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6044522ff419 Credits LVT-tholv2k Required privilege...

WordPress Spiffy Calendar Plugin <= 4.9.7 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.7 Fixed in 4.9.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30427 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e5917dca625b Credits Dimas Maulana Required privileg...

WordPress Spiffy Calendar Plugin < 4.9.9 is vulnerable to Broken Access Control

Software Spiffy Calendar Type Plugin Vulnerable versions 4.9.9 Fixed in 4.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0855 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 34d04762f8cf Credits cyc707 Required privilege...

WordPress Spiffy Calendar Plugin <= 4.9.5 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.5 Fixed in 4.9.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49745 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 28c8f76cf91e Credits resecured.io Required privilege...

WordPress Spiffy Calendar Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.3 Fixed in 4.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32122 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 27fe48000742 Credits LEE SE HYOUNG...

WordPress Spiffy Calendar Plugin <= 4.9.1 is vulnerable to SQL Injection

Software Spiffy Calendar Type Plugin Vulnerable versions = 4.9.1 Fixed in 4.9.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-46859 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 127ff2924c25 Credits Justiice Required privilege Subscriber Publishe...

WordPress Spiffy Calendar Plugin Cross-Site Scripting Vulnerability

WordPress is a suite of blogging platforms developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers running PHP and MySQL.Spiffy Calendar plugin is a plugin for managing and displaying user event and appointment information. A...