Spiffy_calendar - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Spiffy_calendar
(Spiffyplugins)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	11

Date	Id	Summary	Products	Score	Patch	Annotated
2024-02-27	CVE-2024-0855	The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.	Spiffy_calendar	N/A
2024-03-29	CVE-2024-30427	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.7.	Spiffy_calendar	6.1
2022-05-20	CVE-2022-29434	Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.	Spiffy_calendar	5.4
2022-02-21	CVE-2022-25599	Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).	Spiffy_calendar	4.3
2023-08-18	CVE-2023-32122	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.	Spiffy_calendar	6.1
2023-11-03	CVE-2022-46859	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.	Spiffy_calendar	9.8
2023-12-14	CVE-2023-49745	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5.	Spiffy_calendar	5.4
2024-06-04	CVE-2024-30528	Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.	Spiffy_calendar	6.3
2024-07-22	CVE-2024-38692	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.	Spiffy_calendar	7.2
2024-09-15	CVE-2024-45457	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.	Spiffy_calendar	5.4