3 matches found
CVE-2022-2314
The CVE-2022-2314 case concerns the WordPress VR Calendar plugin (versions up to and including 2.3.2). Affected component: VR Calendar WordPress plugin; root cause: unauthenticated arbitrary PHP function calls, enabling remote code execution. Impact stated across sources: attacker can execute arb...
CVE-2022-3852
The VR Calendar plugin for WordPress (versions up to 2.3.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on several functions. This enables unauthenticated attackers to delete or modify calendars and plugin settings by inducing an admin to perform forged a...
CVE-2025-5936
CVE-2025-5936 documents a Cross-Site Forgery vulnerability in the WordPress VR Calendar plugin. Affected versions are all up to and including 2.4.7, where missing or incorrect nonce validation in the syncCalendar() function allows unauthenticated attackers to trigger a calendar sync via a forged ...