My Calendar, CVE-2023-6360

CVE, Research URL: CVE-2023-6360
Home page URL: Security reports for My Calendar
Application: My Calendar
Published on: Nov 30, 2023
Research Description: The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route.
Affected versions: max 3.4.24.
Status: vulnerable