22 matches found
WordPress Private Google Calendars plugin <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Reset vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Private Google Calendars versions = 20250811...
CVE-2025-12526
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
EUVD-2025-60942
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-12526
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-12526
CVE-2025-12526 concerns the Private Google Calendars plugin for WordPress. Technical details in connected sources show a missing capability check on the pgc_remove action in versions up to 20250811, enabling authenticated attackers with Subscriber-level access or higher to reset the plugin’s sett...
CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-12526 Private Google Calendars <= 20250811 - Missing Authorization to Authenticated (Subscriber+) Settings Reset
The Private Google Calendars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pgcremove' action in all versions up to, and including, 20250811. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress plugin Private Google Calendars 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-46275
Name of the Vulnerable Software and Affected Versions Private Google Calendars plugin for WordPress versions prior to 20250811 Description The Private Google Calendars plugin for WordPress is susceptible to unauthorized data modification. This is caused by a missing capability check on the pgc...
EUVD-2023-56871
Malicious code in bioql PyPI...
CVE-2023-52198
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125...
Private Google Calendars < 20240106 - Contributor+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-52198
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125...
CVE-2023-52198
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125...
CVE-2023-52198 WordPress Private Google Calendars Plugin <= 20231125 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125...
CVE-2023-52198
CVE-2023-52198 affects Private Google Calendars WordPress plugin. The issue is an improper neutralization of input in web page generation, enabling stored XSS (stored cross-site scripting) for versions up to 20231125. Patchstack notes the vulnerability as CVE-2023-52198 with a fix released on 202...
PT-2024-14465 · Google · Private Google Calendars
Name of the Vulnerable Software and Affected Versions: Michiel van Eerd Private Google Calendars versions from n/a through 20231125 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This...
WordPress Plugin Private Google Calendars Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Private Google Calendars Plugin <= 20231125 is vulnerable to Cross Site Scripting (XSS)
Software Private Google Calendars Type Plugin Vulnerable versions = 20231125 Fixed in 20240106 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52198 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e9587eb47eeb Credits Ngô Thiên An ancorn fro...