Vulnerabilities and security researches forconnect-daily-web-calendar connect-daily-web-calendar

Jun 07, 2024

CVE, Research URL: CVE-2022-4320
Home page URL: Security reports for WordPress Events Calendar Plugin – connectDaily
Application: WordPress Events Calendar Plugin – connectDaily
Date: Jan 16, 2023
Research Description: The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).
Affected versions: Min -, max -.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-32597
Home page URL: Security reports for WordPress Events Calendar Plugin – connectDaily
Application: WordPress Events Calendar Plugin – connectDaily
Date: Apr 09, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in George Sexton WordPress Events Calendar Plugin – connectDaily allows Cross-Site Scripting (XSS). This issue affects WordPress Events Calendar Plugin – connectDaily: from n/a through 1.4.8.
Affected versions: Min -, max -.
Status: vulnerable