Vulnerabilities > Xtendify
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8549 | Cross-site Scripting vulnerability in Xtendify Simple Calendar The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. | 6.1 |
| 2024-07-04 | CVE-2024-37471 | Cross-site Scripting vulnerability in Xtendify Woffice Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8. | 6.1 |
| 2024-07-04 | CVE-2024-37472 | Cross-site Scripting vulnerability in Xtendify Woffice Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8. | 6.1 |
| 2023-10-27 | CVE-2023-32738 | Cross-site Scripting vulnerability in Xtendify Eonet Manual User Approve Auth. | 4.8 |
| 2023-10-25 | CVE-2023-46189 | Cross-Site Request Forgery (CSRF) vulnerability in Xtendify Simple Calendar Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions. | 8.8 |