CVE-2022-3852
The VR Calendar plugin for WordPress (versions up to 2.3.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on several functions. This enables unauthenticated attackers to delete or modify calendars and plugin settings by inducing an admin to perform forged a...