Vulnerabilities > Spiffyplugins > Spiffy Calendar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-15 | CVE-2024-45457 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | 5.4 |
| 2024-09-15 | CVE-2024-45458 | Cross-site Scripting vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | 6.1 |
| 2024-07-22 | CVE-2024-38692 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11. | 7.2 |
| 2024-06-04 | CVE-2024-30528 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10. | 6.3 |
| 2023-12-14 | CVE-2023-49745 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. | 5.4 |
| 2023-11-03 | CVE-2022-46859 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | 9.8 |
| 2023-08-18 | CVE-2023-32122 | Unspecified vulnerability in Spiffyplugins Spiffy Calendar Unauth. | 6.1 |
| 2022-05-20 | CVE-2022-29434 | Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 5.4 |
| 2022-02-21 | CVE-2022-25599 | Cross-Site Request Forgery (CSRF) vulnerability in Spiffyplugins Spiffy Calendar Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | 4.3 |