WordPress VR Calendar <=2.3.2 - Remote Code Execution

WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without...

EUVD-2022-43192

Malicious code in bioql PyPI...

EUVD-2024-40795

Malicious code in bioql PyPI...

CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936

CVE-2025-5936 documents a Cross-Site Forgery vulnerability in the WordPress VR Calendar plugin. Affected versions are all up to and including 2.4.7, where missing or incorrect nonce validation in the syncCalendar() function allows unauthenticated attackers to trigger a calendar sync via a forged ...

CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

WordPress plugin VR Calendar 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-27065 · WordPress · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar plugin for WordPress versions prior to 2.4.8 Description: The issue is related to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for...

CVE-2024-44013

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through = 2.4.0...

CVE-2024-44013

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through = 2.4.0...

CVE-2024-44013

CVE-2024-44013: WordPress VR Calendar plugin from Innate Images LLC suffers an unauthenticated Local File Inclusion (path traversal) in VR Calendar

CVE-2024-44013 WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Innate Images LLC VR Calendar vr-calendar-sync allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through = 2.4.0...

CVE-2024-44013 WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Innate Images LLC VR Calendar allows PHP Local File Inclusion.This issue affects VR Calendar: from n/a through 2.4.0...

PT-2024-30879 · Innate Images Llc · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar versions n/a through 2.4.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File Inclusion in VR Calendar b...

WordPress plugin VR Calendar 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

WordPress VR Calendar plugin <= 2.4.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin VR Calendar versions = 2.4.0...

WordPress VR Calendar Plugin <= 2.4.0 is vulnerable to Local File Inclusion

Software VR Calendar Type Plugin Vulnerable versions = 2.4.0 Fixed in 2.4.5 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44013 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 3e489bf6197d Credits tahu.datar Required privilege Unauthenticate...

VulnCheck KEV: CVE-2022-2314

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...

CVE-2022-3852

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the...