4 matches found
EUVD-2026-41539
Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...
CVE-2026-1310
The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...
CVE-2026-1310
CVE-2026-1310 affects the WordPress plugin Simple calendar for Elementor. The vulnerability is due to missing capability checks in the miga_ajax_editor_cal_delete handler (hooked to the miga_editor_cal_delete AJAX action), granting unauthenticated access to delete calendar entries. It impacts all...
EUVD-2026-4912
The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks on the migaajaxeditorcaldelete function that is hooked to the migaeditorcaldelete AJAX action with both authenticated...