Filtered by vendor Spiffyplugins
Subscribe
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38692 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11. | |||||
| CVE-2024-35651 | 1 Spiffyplugins | 1 Wp Flow Plus | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2. | |||||
| CVE-2024-30528 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10. | |||||
| CVE-2023-49745 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.5. | |||||
| CVE-2023-32122 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 5.8 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions. | |||||
| CVE-2022-46859 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | |||||
| CVE-2022-29434 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | 4.0 MEDIUM | 6.3 MEDIUM |
| Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | |||||
| CVE-2022-25599 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | |||||
| CVE-2024-49695 | 1 Spiffyplugins | 1 Wp Flow Plus | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.3. | |||||
| CVE-2024-45457 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-09-19 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | |||||
| CVE-2024-45458 | 1 Spiffyplugins | 1 Spiffy Calendar | 2024-09-19 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13. | |||||