Lucene search
K
Mf Gig Calendar ProjectMf Gig Calendar

7 matches found

CVE
CVE
added 2012/10/01 11:0 p.m.92 views

CVE-2012-4242

MF Gig Calendar 0.9.2 (WordPress) is affected by CVE-2012-4242, a cross-site scripting (XSS) vulnerability. The root cause is insufficient sanitisation of a generic parameter in the calendar page query string, enabling remote attackers to inject arbitrary script/HTML. Impact described in the sour...

4.3CVSS5.9AI score0.08857EPSS
CVE
CVE
added 2024/04/26 7:9 a.m.86 views

CVE-2024-33651

Technical details about CVE-2024-33651 are not present in the provided Connected Documents. The MF Gig Calendar CSRF issue, including vulnerable versions and impact, is only stated in the Initial Description; no CVE specifics, exploit info, or fixes are provided.

8.8CVSS5.1AI score0.00236EPSS
CVE
CVE
added 2024/05/06 6:0 a.m.74 views

CVE-2024-3756

The CVE-2024-3756 vulnerability affects MF Gig Calendar WordPress plugin versions ≤ 1.2.1 and could allow CSRF-enabled attackers to delete arbitrary events by convincing a logged-in user (Contributors+) to perform actions. The linked Red Hat/OSV entries confirm the same issue description but do n...

7.5CVSS6.7AI score0.00317EPSS
CVE
CVE
added 2021/09/13 5:56 p.m.69 views

CVE-2021-24510

The issue affects the WordPress MF Gig Calendar plugin prior to version 1.2. The GET parameter id is not sanitized/escaped when editing an Event, causing a reflected XSS in the admin dashboard. Impact includes injection of scripts into the admin UI; remediation is to update to version 1.2 or late...

6.1CVSS6AI score0.02721EPSS
CVE
CVE
added 2024/05/06 6:0 a.m.61 views

CVE-2024-3755

CVE-2024-3755 affects MF Gig Calendar for WordPress up to version 1.2.1. The root cause is that the plugin does not sanitize/escape certain settings, enabling a stored XSS when a high-privilege user (e.g., Editor) interacts with the plugin, even if unfiltered_html is disallowed (such as in multis...

5.4CVSS5.6AI score0.00425EPSS
CVE
CVE
added 2023/12/28 6:32 p.m.51 views

CVE-2023-50842

CVE-2023-50842 : In MF Gig Calendar (WordPress plugin), an SQL Injection vulnerability arises from improper neutralization of special elements in SQL commands. Affected versions are MF Gig Calendar: from n/a through 1.2.1. The CVSS v3.1 base score is 8.8 (HIGH) with network attack vector, low com...

8.8CVSS8.8AI score0.00481EPSS
CVE
CVE
added 2023/07/27 2:30 p.m.48 views

CVE-2023-37970

CVE-2023-37970 affects the WordPress plugin MF Gig Calendar by Matthew Fries. Versions

6.5CVSS5.5AI score0.00317EPSS