Vulnerabilities and security researches forspiffy-calendar spiffy-calendar

Sep 16, 2024

CVE, Research URL: CVE-2024-45458
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Sep 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-45457
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Sep 15, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
Affected versions: Min -, max -.
Status: vulnerable

Sep 01, 2024

CVE, Research URL: CVE-2024-43969
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Sep 18, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.12.
Affected versions: Min -, max -.
Status: vulnerable

Jul 13, 2024

CVE, Research URL: CVE-2024-38692
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Jul 22, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2017-9420
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Jun 06, 2017
Research Description: Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29434
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: May 21, 2022
Research Description: Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-46859
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Nov 03, 2023
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-49745
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Dec 14, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-0855
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Feb 27, 2024
Research Description: The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30427
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Mar 29, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-25599
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Feb 21, 2022
Research Description: Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-32122
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Aug 18, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30528
Home page URL: Security reports for Spiffy Calendar
Application: Spiffy Calendar
Date: Jun 05, 2024
Research Description: Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
Affected versions: Min -, max -.
Status: vulnerable