Spiffy Calendar Security Vulnerabilities and Issues — Spiffy Calendar CVE List

Lucene search

SpiffypluginsSpiffy Calendar

11 matches found

CVE•added 2024/02/27 9:15 a.m.•3812 views

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.

5.3CVSS5.1AI score0.00258EPSS

CVE•added 2022/02/21 6:15 p.m.•72 views

CVE-2022-25599

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions

5.4CVSS4.7AI score0.0025EPSS

CVE•added 2022/05/20 9:15 p.m.•70 views

CVE-2022-29434

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar

6.3CVSS5.6AI score0.01501EPSS

CVE•added 2024/03/29 2:15 p.m.•56 views

CVE-2024-30427

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.

7.1CVSS7.1AI score0.00232EPSS

CVE•added 2023/12/14 3:15 p.m.•52 views

CVE-2023-49745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.

6.5CVSS5.6AI score0.00181EPSS

CVE•added 2024/07/22 11:15 a.m.•48 views

CVE-2024-38692

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.

7.6CVSS7.9AI score0.04324EPSS

CVE•added 2023/11/03 1:15 p.m.•46 views

CVE-2022-46859

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.

9.8CVSS9.9AI score0.0021EPSS

CVE•added 2023/08/18 4:15 p.m.•40 views

CVE-2023-32122

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin

6.1CVSS5.7AI score0.00083EPSS

CVE•added 2024/09/15 8:15 a.m.•37 views

CVE-2024-45458

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

7.1CVSS6.7AI score0.00127EPSS

CVE•added 2024/06/04 8:15 p.m.•33 views

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.

6.3CVSS5.9AI score0.00076EPSS

CVE•added 2024/09/15 8:15 a.m.•33 views

CVE-2024-45457

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

6.5CVSS6.2AI score0.00064EPSS