cleantalk
Vulnerabilities and Security Researches

Simple Calendar – Google Calendar Plugin, 3d3bbf542efa380d1c9c1f006aff813662cd771e

CVE, Research URL

3d3bbf542efa380d1c9c1f006aff813662cd771e

Home page URL

Security reports for Simple Calendar – Google Calendar Plugin

Application

Simple Calendar – Google Calendar Plugin

Published on
Oct 20, 2023
Research Description
Simple Calendar &#8211; Google Calendar Plugin [google-calendar-events] < 3.2.5 Simple Calendar <= 3.2.4 - Cross-Site Request Forgery via duplicate_feed The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.5 (exclusive). This is due to missing or incorrect nonce validation on the duplicate_feed function. This makes it possible for unauthenticated attackers to duplicate feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.2.5.
Status
vulnerable
Previous vulnerability researches
Simple Calendar &#8211; Google Calendar Plugin (3cf93bf68b6c5ad07764a5abdd6bfc08b3355822) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (3d3bbf542efa380d1c9c1f006aff813662cd771e) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (CVE-2024-8549) , Sep 26, 2024
Simple Calendar &#8211; Google Calendar Plugin (CVE-2025-68979) , Jan 28, 2026
New vulnerability
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables &#8211; WordPress Data Table, Dynamic Tables &amp; Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026
WooCommerce Stripe Payment Gateway (CVE-2026-2381) , Jun 16, 2026
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026