Lucene search
+L
SpiffypluginsSpiffy Calendar

11 matches found

cve
cve
added 2024/02/27 8:30 a.m.3827 views

CVE-2024-0855

Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...

5.3CVSS5.1AI score0.00482EPSS
cve
cve
added 2022/02/21 5:49 p.m.85 views

CVE-2022-25599

CVE-2022-25599 describes a CSRF vulnerability in the WordPress plugin Spiffy Calendar (versions ≤ 4.9.0) that allows an attacker to trigger event deletion due to missing token validation on the delete request. Multiple sources document the issue and confirm the affected component as the plugin’s ...

5.4CVSS4.7AI score0.00405EPSS
cve
cve
added 2022/05/20 8:19 p.m.84 views

CVE-2022-29434

The CVE-2022-29434 entry concerns the WordPress Spiffy Calendar plugin (versions

6.3CVSS5.6AI score0.00672EPSS
cve
cve
added 2024/03/29 1:22 p.m.72 views

CVE-2024-30427

CVE-2024-30427 is a Reflected XSS in Spiffy Calendar (Spiffy Plugins) for WordPress. The vulnerability arises from Improper Neutralization of Input During Web Page Generation and affects Spiffy Calendar up to version 4.9.7 (n/a to 4.9.7). Public exploitation details are not provided in the availa...

7.1CVSS8.6AI score0.00414EPSS
cve
cve
added 2023/11/03 12:43 p.m.62 views

CVE-2022-46859

CVE-2022-46859 – Spiffy Calendar (WordPress plugin) Root cause: Improper neutralization of special elements used in SQL commands (SQL Injection) in the Spiffy Calendar plugin (spiffy-calendar). Affected: Spiffy Calendar versions up to and including 4.9.1 (on WordPress). Impact: High-risk vulnerab...

9.8CVSS8.9AI score0.0055EPSS
cve
cve
added 2023/12/14 2:34 p.m.61 views

CVE-2023-49745

Product/Component: WordPress Spiffy Calendar pluginVulnerability: Stored Cross-Site Scripting (XSS) due to improper input sanitization/escaping in shortcode attributesAffects: Spiffy Calendar versions

6.5CVSS5.7AI score0.00409EPSS
cve
cve
added 2024/07/22 10:11 a.m.61 views

CVE-2024-38692

CVE-2024-38692 (Spiffy Calendar) : A SQL Injection in the Spiffy Calendar plugin (WordPress) exists due to improper neutralization of SQL elements. Affected versions are up to 4.9.11, with the injection exploitable in an authenticated context (Administrator+). The CVE entry is linked to WordPress...

7.6CVSS7.9AI score0.00717EPSS
cve
cve
added 2024/09/15 7:42 a.m.58 views

CVE-2024-45458

CVE-2024-45458 affects Spiffy Calendar plugin for WordPress (versions

7.1CVSS5.9AI score0.00293EPSS
cve
cve
added 2023/08/18 3:17 p.m.57 views

CVE-2023-32122

The CVE-2023-32122 issue affects the WordPress Spiffy Calendar plugin, with versions ≤ 4.9.3 vulnerable to unauthenticated, reflected Cross-Site Scripting (XSS) via a page parameter. The root cause is an XSS flaw that can be triggered without authentication, as documented in multiple sources. A f...

6.1CVSS5.7AI score0.00337EPSS
cve
cve
added 2024/09/15 7:43 a.m.47 views

CVE-2024-45457

CVE-2024-45457 affects Spiffy Calendar plugin for WordPress (versions through 4.9.13). The vulnerability is a Stored XSS due to improper input neutralization during web page generation. Public records from Patchstack and Red Hat confirm this, listing the affected range as up to 4.9.13 and noting ...

6.5CVSS5.9AI score0.00248EPSS
cve
cve
added 2024/06/04 7:19 p.m.44 views

CVE-2024-30528

CVE-2024-30528 is a Missing Authorization (Broken Access Control) vulnerability in Spiffy Calendar (Spiffy Plugins) affecting Spiffy Calendar versions up to 4.9.10. Exploitation would require network access with low privileges and no user interaction; the CVSS base metrics indicate Confidentialit...

6.3CVSS5.9AI score0.00279EPSS