Shodan
Vulnerabilities
Vulnerable Software
Spiffyplugins:  >> Spiffy Calendar  >> 3.5.7  Security Vulnerabilities
CVE-2024-45457
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-09-15
CVE-2024-45458
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-09-15
CVE-2024-38692
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVSS Score
7.6
EPSS Score
0.043
Published
2024-07-22
CVE-2024-30528
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-06-04
CVE-2024-30427
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.
CVSS Score
7.1
EPSS Score
0.002
Published
2024-03-29
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-02-27
CVE-2023-49745
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-14
CVE-2022-46859
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-11-03
CVE-2023-32122
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.
CVSS Score
5.8
EPSS Score
0.001
Published
2023-08-18
CVE-2022-29434
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
CVSS Score
6.3
EPSS Score
0.015
Published
2022-05-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved