3 matches found
CVE-2022-36390
The CVE-2022-36390 entry concerns the WordPress Totalsoft Event Calendar – Calendar plugin (versions 1.4.6 and earlier). The root cause is an authenticated reflected cross-site scripting (XSS) vulnerability in the plugin’s handling of input, which can affect authenticated users (subscriber+). Pra...
CVE-2022-38067
CVE-2022-38067 affects the WordPress plugin Totalsoft Event Calendar – Calendar (versions
CVE-2024-8700
CVE-2024-8700 affects the WordPress plugin Event Calendar (versions up to 1.0.4). The issue is lack of authorization checks on delete actions, allowing unauthenticated users to delete calendars. The connected sources confirm the vulnerability exists but do not provide a fixed version or patch det...