CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30534 – WordPress Calendarista Basic Edition plugin <= 3.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-30534
29 Mar 2024 — Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5. Vulnerabilidad de autorización faltante en typps Calendarista Basic Edition. Este problema afecta a Calendarista Basic Edition: desde n/a hasta 3.0.5. The Calendarista Basic Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers t... • https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-5-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30240 – WordPress Calendarista plugin <= 15.5.7 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-30240
26 Mar 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista.This issue affects Calendarista: from n/a through 15.5.7. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Typps Calendarista. Este problema afecta a Calendarista: desde n/a hasta 15.5.7. The Calendarista plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 15.5.7 due to insufficient... • https://patchstack.com/database/vulnerability/calendarista/wordpress-calendarista-plugin-15-5-7-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •