Vulnerabilities > Spiffyplugins

DATE CVE VULNERABILITY TITLE RISK
2024-10-24 CVE-2024-49695 Cross-site Scripting vulnerability in Spiffyplugins WP Flow Plus
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3.
network
low complexity
spiffyplugins CWE-79
5.4
2024-09-15 CVE-2024-45457 Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
network
low complexity
spiffyplugins CWE-79
5.4
2024-09-15 CVE-2024-45458 Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
network
low complexity
spiffyplugins CWE-79
6.1
2024-07-22 CVE-2024-38692 Unspecified vulnerability in Spiffyplugins Spiffy Calendar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
network
low complexity
spiffyplugins
7.2
2024-06-04 CVE-2024-30528 Unspecified vulnerability in Spiffyplugins Spiffy Calendar
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
network
low complexity
spiffyplugins
6.3
2024-06-04 CVE-2024-35651 Unspecified vulnerability in Spiffyplugins WP Flow Plus
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2.
network
low complexity
spiffyplugins
5.4
2023-12-14 CVE-2023-49745 Unspecified vulnerability in Spiffyplugins Spiffy Calendar
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.
network
low complexity
spiffyplugins
5.4
2023-11-03 CVE-2022-46859 Unspecified vulnerability in Spiffyplugins Spiffy Calendar
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.
network
low complexity
spiffyplugins
critical
9.8
2023-08-18 CVE-2023-32122 Unspecified vulnerability in Spiffyplugins Spiffy Calendar
Unauth.
network
low complexity
spiffyplugins
6.1
2022-05-20 CVE-2022-29434 Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
network
low complexity
spiffyplugins CWE-639
5.4