CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2022 — Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. The Event Calendar plugin for WordPress lacks authorization and capability checks on several of its functions reachable via AJAX actions in versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to... • https://patchstack.com/database/vulnerability/calendar-event/wordpress-event-calendar-calendar-plugin-1-4-6-unauthenticated-event-deletion-vulnerability/_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2022 — Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress. The Event Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.4.6 due to insufficient input sanitization ... • https://patchstack.com/database/vulnerability/calendar-event/wordpress-event-calendar-calendar-plugin-1-4-6-authenticated-reflected-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Dec 2007 — Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the day and year vectors are covered by CVE-2007-6274. • http://secunia.com/advisories/26945 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')