11 matches found
CVE-2024-0855
Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...
CVE-2022-25599
CVE-2022-25599 describes a CSRF vulnerability in the WordPress plugin Spiffy Calendar (versions ≤ 4.9.0) that allows an attacker to trigger event deletion due to missing token validation on the delete request. Multiple sources document the issue and confirm the affected component as the plugin’s ...
CVE-2022-29434
The CVE-2022-29434 entry concerns the WordPress Spiffy Calendar plugin (versions
CVE-2024-30427
CVE-2024-30427 is a Reflected XSS in Spiffy Calendar (Spiffy Plugins) for WordPress. The vulnerability arises from Improper Neutralization of Input During Web Page Generation and affects Spiffy Calendar up to version 4.9.7 (n/a to 4.9.7). Public exploitation details are not provided in the availa...
CVE-2022-46859
CVE-2022-46859 – Spiffy Calendar (WordPress plugin) Root cause: Improper neutralization of special elements used in SQL commands (SQL Injection) in the Spiffy Calendar plugin (spiffy-calendar). Affected: Spiffy Calendar versions up to and including 4.9.1 (on WordPress). Impact: High-risk vulnerab...
CVE-2023-49745
Product/Component: WordPress Spiffy Calendar pluginVulnerability: Stored Cross-Site Scripting (XSS) due to improper input sanitization/escaping in shortcode attributesAffects: Spiffy Calendar versions
CVE-2024-38692
CVE-2024-38692 (Spiffy Calendar) : A SQL Injection in the Spiffy Calendar plugin (WordPress) exists due to improper neutralization of SQL elements. Affected versions are up to 4.9.11, with the injection exploitable in an authenticated context (Administrator+). The CVE entry is linked to WordPress...
CVE-2024-45458
CVE-2024-45458 affects Spiffy Calendar plugin for WordPress (versions
CVE-2023-32122
The CVE-2023-32122 issue affects the WordPress Spiffy Calendar plugin, with versions ≤ 4.9.3 vulnerable to unauthenticated, reflected Cross-Site Scripting (XSS) via a page parameter. The root cause is an XSS flaw that can be triggered without authentication, as documented in multiple sources. A f...
CVE-2024-45457
CVE-2024-45457 affects Spiffy Calendar plugin for WordPress (versions through 4.9.13). The vulnerability is a Stored XSS due to improper input neutralization during web page generation. Public records from Patchstack and Red Hat confirm this, listing the affected range as up to 4.9.13 and noting ...
CVE-2024-30528
CVE-2024-30528 is a Missing Authorization (Broken Access Control) vulnerability in Spiffy Calendar (Spiffy Plugins) affecting Spiffy Calendar versions up to 4.9.10. Exploitation would require network access with low privileges and no user interaction; the CVSS base metrics indicate Confidentialit...