Vulnerabilities > Spiffyplugins
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-14 | CVE-2023-49745 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. | 5.4 |
2023-11-03 | CVE-2022-46859 | SQL Injection vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | 9.8 |
2023-08-18 | CVE-2023-32122 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Unauth. | 6.1 |
2022-05-20 | CVE-2022-29434 | Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 4.0 |
2022-02-21 | CVE-2022-25599 | Cross-Site Request Forgery (CSRF) vulnerability in Spiffyplugins Spiffy Calendar Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 4.3 |