Spiffy Calendar@* Security Vulnerabilities and Issues — Spiffy Calendar@* CVE List

Lucene search

SpiffypluginsSpiffy Calendar*

6 matches found

CVE•added 2024/02/27 9:15 a.m.•3812 views

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.

5.3CVSS5.1AI score0.00258EPSS

CVE•added 2024/03/29 2:15 p.m.•56 views

CVE-2024-30427

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.

7.1CVSS7.1AI score0.00232EPSS

CVE•added 2024/07/22 11:15 a.m.•48 views

CVE-2024-38692

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.

7.6CVSS7.9AI score0.04324EPSS

CVE•added 2024/09/15 8:15 a.m.•37 views

CVE-2024-45458

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

7.1CVSS6.7AI score0.00127EPSS

CVE•added 2024/06/04 8:15 p.m.•33 views

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.

6.3CVSS5.9AI score0.00076EPSS

CVE•added 2024/09/15 8:15 a.m.•33 views

CVE-2024-45457

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

6.5CVSS6.2AI score0.00064EPSS