7 matches found
CVE-2012-4242
MF Gig Calendar 0.9.2 (WordPress) is affected by CVE-2012-4242, a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitisation of a generic parameter in the calendar page query string, enabling remote attackers to inject arbitrary script/HTML. Impact described in the sour...
CVE-2024-33651
Technical details about CVE-2024-33651 are not present in the provided Connected Documents. The MF Gig Calendar CSRF issue, including vulnerable versions and impact, is only stated in the Initial Description; no CVE specifics, exploit info, or fixes are provided.
CVE-2024-3756
The CVE-2024-3756 vulnerability affects MF Gig Calendar WordPress plugin versions ≤ 1.2.1 and could allow CSRF-enabled attackers to delete arbitrary events by convincing a logged-in user (Contributors+) to perform actions. The linked Red Hat/OSV entries confirm the same issue description but do n...
CVE-2021-24510
The issue affects the WordPress MF Gig Calendar plugin prior to version 1.2. The GET parameter id is not sanitized/escaped when editing an Event, causing a reflected XSS in the admin dashboard. Impact includes injection of scripts into the admin UI; remediation is to update to version 1.2 or late...
CVE-2024-3755
CVE-2024-3755 affects MF Gig Calendar for WordPress up to version 1.2.1. The root cause is that the plugin does not sanitize/escape certain settings, enabling a stored XSS when a high-privilege user (e.g., Editor) interacts with the plugin, even if unfiltered_html is disallowed (such as in multis...
CVE-2023-50842
CVE-2023-50842 : In MF Gig Calendar (WordPress plugin), an SQL Injection vulnerability arises from improper neutralization of special elements in SQL commands. Affected versions are MF Gig Calendar: from n/a through 1.2.1. The CVSS v3.1 base score is 8.8 (HIGH) with network attack vector, low com...
CVE-2023-37970
CVE-2023-37970 affects the WordPress plugin MF Gig Calendar by Matthew Fries. Versions