Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Spiffy Calendar Security Vulnerabilities

cve
cve

CVE-2022-25599

Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).

5.4CVSS

4.6AI Score

0.001EPSS

2022-02-21 06:15 PM
56
cve
cve

CVE-2022-29434

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.

6.3CVSS

5.4AI Score

0.001EPSS

2022-05-20 09:15 PM
54
4
cve
cve

CVE-2022-46859

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.

9.8CVSS

9.7AI Score

0.001EPSS

2023-11-03 01:15 PM
26
cve
cve

CVE-2023-32122

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.

6.1CVSS

6AI Score

0.001EPSS

2023-08-18 04:15 PM
13
cve
cve

CVE-2023-49745

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.

6.5CVSS

5.4AI Score

0.0004EPSS

2023-12-14 03:15 PM
35
cve
cve

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.

5.3CVSS

6.6AI Score

0.0004EPSS

2024-02-27 09:15 AM
3798
cve
cve

CVE-2024-30528

Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.

6.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 08:15 PM
18
cve
cve

CVE-2024-38692

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.

7.6CVSS

7.9AI Score

0.001EPSS

2024-07-22 11:15 AM
30
cve
cve

CVE-2024-45457

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

6.5CVSS

6.4AI Score

0.0004EPSS

2024-09-15 08:15 AM
22
cve
cve

CVE-2024-45458

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.

7.1CVSS

6.9AI Score

0.0005EPSS

2024-09-15 08:15 AM
21