Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.12 views

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.4AI score0.00932EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/16 9:34 p.m.11 views

Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog in My Calendar

Summary An unauthenticated Insecure Direct Object Reference IDOR and Denial of Service DoS vulnerability in the My Calendar plugin allows any unauthenticated user to extract calendar events including private or hidden ones from any sub-site on a WordPress Multisite network. On standard Single Sit...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/16 9:34 p.m.7 views

GHSA-2MVX-F5QM-V2CH Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog in My Calendar

Summary An unauthenticated Insecure Direct Object Reference IDOR and Denial of Service DoS vulnerability in the My Calendar plugin allows any unauthenticated user to extract calendar events including private or hidden ones from any sub-site on a WordPress Multisite network. On standard Single Sit...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 9:30 p.m.41 views

CVE-2026-40308 My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS0.00932EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 9:30 p.m.5 views

CVE-2026-40308 My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 9:30 p.m.3 views

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

8.8CVSS5.8AI score0.00932EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder