
CVE-2025-32299 – WordPress QuickCal <= 1.0.15 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32299
16 May 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themovation QuickCal allows Retrieve Embedded Sensitive Data. This issue affects QuickCal: from n/a through 1.0.15. The QuickCal plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.
• https://patchstack.com/database/wordpress/plugin/quickcal/vulnerability/wordpress-quickcal-1-0-15-sensitive-data-exposure-vulnerability?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2025-32310 – WordPress QuickCal plugin <= 1.0.13 - CSRF to Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2025-32310
16 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation. This issue affects QuickCal: from n/a through 1.0.13. The QuickCal plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to gain administrative privileges via a forged request granted they can trick a site administrator into performing an ...
• https://patchstack.com/database/wordpress/plugin/quickcal/vulnerability/wordpress-quickcal-plugin-1-0-13-csrf-to-privilege-escalation-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)