Vulnerabilities > Spiffyplugins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-24 | CVE-2024-49695 | Cross-site Scripting vulnerability in Spiffyplugins WP Flow Plus Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3. | 5.4 |
2024-09-15 | CVE-2024-45457 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | 5.4 |
2024-09-15 | CVE-2024-45458 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | 6.1 |
2024-07-22 | CVE-2024-38692 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11. | 7.2 |
2024-06-04 | CVE-2024-30528 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10. | 6.3 |
2024-06-04 | CVE-2024-35651 | Unspecified vulnerability in Spiffyplugins WP Flow Plus Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2. | 5.4 |
2023-12-14 | CVE-2023-49745 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. | 5.4 |
2023-11-03 | CVE-2022-46859 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | 9.8 |
2023-08-18 | CVE-2023-32122 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Unauth. | 6.1 |
2022-05-20 | CVE-2022-29434 | Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 5.4 |