cleantalk
Vulnerabilities and Security Researches

Simple Calendar – Google Calendar Plugin, e98a6264-9c5a-417f-b2f8-bd0017b411a0

CVE, Research URL

e98a6264-9c5a-417f-b2f8-bd0017b411a0

Home page URL

Security reports for Simple Calendar – Google Calendar Plugin

Application

Simple Calendar – Google Calendar Plugin

Published on
-
Research Description
Simple Calendar &#8211; Google Calendar Plugin [google-calendar-events] < 3.2.5 Simple Calendar &lt; 3.2.5 - Cross-Site Request Forgery via duplicate_feed The Simple Calendar &ndash; Google Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 3.2.5 (exclusive). This is due to missing or incorrect nonce validation on the duplicate_feed function. This makes it possible for unauthenticated attackers to duplicate feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 3.2.5.
Status
vulnerable
Previous vulnerability researches
Plugin Name: oQey Headers (c7ce760ee7c36905095c8fa8843b97a99356157d) , Jun 07, 2024
Plugin Name: oQey Headers (ab0a8668-3002-4d29-86a0-9800d5aa9ddc) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026