Lucene search
K

4 matches found

EUVD
EUVD
added last week11 views

EUVD-2026-41539

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS6AI score0.00403EPSS
Exploits0References3
NVD
NVD
added 2026/01/28 7:16 a.m.13 views

CVE-2026-1310

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...

5.3CVSS0.00338EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 6:43 a.m.20 views

CVE-2026-1310

CVE-2026-1310 affects the WordPress plugin Simple calendar for Elementor. The vulnerability is due to missing capability checks in the miga_ajax_editor_cal_delete handler (hooked to the miga_editor_cal_delete AJAX action), granting unauthenticated access to delete calendar entries. It impacts all...

5.3CVSS6AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 6:43 a.m.9 views

EUVD-2026-4912

The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...

5.3CVSS6AI score0.00338EPSS
Exploits0References4
Rows per page
Query Builder