CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31942 – WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31942
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Typps Calendarista Basic Edition. Este problema afecta a Calendarista Basic Edition: desde n/a hasta 3.0.2. The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on s... • https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30240 – WordPress Calendarista plugin <= 15.5.7 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30240
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Typps Calendarista. Este problema afecta a Calendarista: desde n/a hasta 15.5.7. The Calendarista plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 15.5.7 due to insufficient... • https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27993 – WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-27993
15 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Typps Calendarista Basic Edition. Este problema afecta a Calendarista Basic Edition: desde n/a hasta 3.0.2. The Calendarista Basic Edition plugin for WordPress is vulnerable to Cross-... • https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •