CVE-2022-25599 – WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-25599
Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). Se ha detectado una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) conllevando a una eliminación de eventos en el plugin Spiffy Calendar de WordPress (versiones anteriores a 4.9.0 incluyéndola) • https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability https://wordpress.org/plugins/spiffy-calendar/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-9420 – Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Spiffy Calendar anterior a versión 3.3.0 para WordPress, permite a los atacantes remotos inyectar JavaScript arbitrario por medio del parámetro yr. • http://spiffycalendar.sunnythemes.com/version-3-3-0 http://www.securityfocus.com/bid/98931 https://wpvulndb.com/vulnerabilities/8842 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •