cleantalk
Vulnerabilities and Security Researches

My Calendar, ae279565ffb6079026256a60335315e56ecd917a

CVE, Research URL

ae279565ffb6079026256a60335315e56ecd917a

Home page URL

Security reports for My Calendar

Application

My Calendar

Published on
Feb 11, 2024
Research Description
My Calendar &#8211; Accessible Event Manager [my-calendar] < 3.4.24 My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events The My Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via events in all versions up to, and including, 3.4.23 due to insufficient input sanitization and output escaping on event dates. This makes it possible for authenticated attackers with, admin-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.4.24.
Status
vulnerable
Previous vulnerability researches
My Calendar (39459852-324e-4e8d-93d1-18fb3f41f749) , Jun 16, 2026
My Calendar (bde4f31062c4e929459e32daf53ed3bdda188112) , Jun 16, 2026
My Calendar (ae279565ffb6079026256a60335315e56ecd917a) , Jun 16, 2026
My Calendar (03e970f0-5c80-4bfa-9ea8-d1555599dae9) , Jun 16, 2026
My Calendar (be9da608-bfa3-4c1e-af14-2a393d770a64) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026