Cross-Site Request Forgery (CSRF) vulnerability leading to deletion and modification of calendars as well as the plugin settings discovered by Marco Wotschka in the WordPress VR Calendar plugin (versions <= 2.3.3).
Update the WordPress VR Calendar plugin to the latest available version (at least 2.3.4).
CPE | Name | Operator | Version |
---|---|---|---|
vr calendar | le | 2.3.3 |