Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Eventcalendar
(Theeventscalendar)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-17 | CVE-2021-25025 | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events | Eventcalendar | 4.3 | ||
| 2022-01-17 | CVE-2021-25024 | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues | Eventcalendar | 6.1 |