Vulnerabilities > Androidbubbles > WP Datepicker > 1.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-24 | CVE-2024-12468 | Cross-site Scripting vulnerability in Androidbubbles WP Datepicker The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-01 | CVE-2024-47321 | Missing Authorization vulnerability in Androidbubbles WP Datepicker Missing Authorization vulnerability in Fahad Mahmood WP Datepicker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Datepicker: from n/a through 2.1.1. | 9.8 |
| 2024-10-06 | CVE-2024-44042 | Cross-site Scripting vulnerability in Androidbubbles WP Datepicker Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS.This issue affects WP Datepicker: from n/a through 2.1.1. | 4.8 |