Page 3 of 13 results (0.008 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. Una vulnerabilidad de Referencias Directas a Objetos Inseguras (IDOR) en el plugin Spiffy Calendar de Spiffy versiones anteriores a 4.9.0 incluyéndola, en WordPress permite a un atacante editar o borrar eventos • https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-edit-delete-event-via-idor-vulnerability https://wordpress.org/plugins/spiffy-calendar/#developers • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). Se ha detectado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) conllevando a una eliminación de eventos en el plugin Spiffy Calendar de WordPress (versiones anteriores a 4.9.0 incluyéndola) • https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/spiffy-calendar/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 39EXPL: 0

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versión 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del parámetro yr. • http://spiffycalendar.sunnythemes.com/version-3-3-0 http://www.securityfocus.com/bid/98931 https://wpvulndb.com/vulnerabilities/8842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •