Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Eventcalendar
(Theeventscalendar)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 2 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-01-17 | CVE-2021-25025 | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events | Eventcalendar | 4.3 | ||
2022-01-17 | CVE-2021-25024 | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues | Eventcalendar | 6.1 |