Vulnerabilities > Spiffyplugins

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-14	CVE-2023-49745	Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. network low complexity spiffyplugins CWE-79	5.4
2023-11-03	CVE-2022-46859	SQL Injection vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. network low complexity spiffyplugins CWE-89 critical	9.8
2023-08-18	CVE-2023-32122	Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Unauth. network low complexity spiffyplugins CWE-79	6.1
2022-05-20	CVE-2022-29434	Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. network low complexity spiffyplugins CWE-639	4.0
2022-02-21	CVE-2022-25599	Cross-Site Request Forgery (CSRF) vulnerability in Spiffyplugins Spiffy Calendar Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). network spiffyplugins CWE-352	4.3

Vulnerabilities > Spiffyplugins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Spiffyplugins"}]}

Vulnerabilities > Spiffyplugins