
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery. This issue affects Availability Calendar: from n/a through 1.2.6. The Availability Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and inc... • https://patchstack.com/database/vulnerability/availability-calendar/wordpress-availability-calendar-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Aug 2021 — The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+. • https://wpscan.com/vulnerability/fe49f48a-f97a-44fe-8d71-be08e7ce4f83 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Aug 2021 — The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. • https://wpscan.com/vulnerability/d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')