Vulnerabilities and security researches forgoogle-calendar-events google-calendar-events

Jun 06, 2024

CVE, Research URL: CVE-2023-49151
Home page URL: Security reports for Simple Calendar – Google Calendar Plugin
Application: Simple Calendar – Google Calendar Plugin
Date: Dec 14, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6.
Affected versions: max 3.2.8.
Status: vulnerable

CVE, Research URL: CVE-2014-7138
Home page URL: Security reports for Simple Calendar – Google Calendar Plugin
Application: Simple Calendar – Google Calendar Plugin
Date: Oct 17, 2014
Research Description: Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.
Affected versions: max 2.0.4.
Status: vulnerable

CVE, Research URL: CVE-2023-46189
Home page URL: Security reports for Simple Calendar – Google Calendar Plugin
Application: Simple Calendar – Google Calendar Plugin
Date: Oct 25, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.
Affected versions: max 3.2.5.
Status: vulnerable

Sep 26, 2024

CVE, Research URL: CVE-2024-8549
Home page URL: Security reports for Simple Calendar – Google Calendar Plugin
Application: Simple Calendar – Google Calendar Plugin
Date: Sep 25, 2024
Research Description: The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 3.4.3.
Status: vulnerable

Jan 28, 2026

CVE, Research URL: CVE-2025-68979
Home page URL: Security reports for Simple Calendar – Google Calendar Plugin
Application: Simple Calendar – Google Calendar Plugin
Date: Dec 30, 2025
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9.
Affected versions: max 3.5.9.
Status: vulnerable