3 matches found
CVE-2024-1274
The CVE-2024-1274 issue affects the My Calendar WordPress plugin prior to version 3.4.24. The vulnerability arises because the plugin does not sanitize or escape certain parameters, enabling Cross-Site Scripting (XSS) by users with a low-privilege role (Subscriber) depending on admin permissions....
CVE-2023-6360
The CVE-2023-6360 entry refers to the WordPress My Calendar plugin, affected versions before 3.4.22, with an unauthenticated SQL injection in the from and to parameters of the /my-calendar/v1/events REST route. The vulnerability can enable arbitrary SQL queries against the database and is categor...
CVE-2012-6527
CVE-2012-6527 concerns the WordPress plugin My Calendar prior to version 1.10.2. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script or HTML via the PATH_INFO parameter. Multiple sources corroborate that versions before 1.10.2 are affect...