CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29434 – WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability
https://notcve.org/view.php?id=CVE-2022-29434
10 Feb 2022 — Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. Una vulnerabilidad de Referencias Directas a Objetos Inseguras (IDOR) en el plugin Spiffy Calendar de Spiffy versiones anteriores a 4.9.0 incluyéndola, en WordPress permite a un atacante editar o borrar eventos • https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-edit-delete-event-via-idor-vulnerability • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25599 – WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25599
10 Feb 2022 — Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). Se ha detectado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) conllevando a una eliminación de eventos en el plugin Spiffy Calendar de WordPress (versiones anteriores a 4.9.0 incluyéndola) • https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0CVE-2017-9420 – Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-9420
02 Jun 2017 — Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versión 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del parámetro yr. • http://spiffycalendar.sunnythemes.com/version-3-3-0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •