| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-1123 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 6.5 | 2024-03-09 07:01:09 | Deep Dive |
| CVE-2024-1124 | EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending | metagauss | EventPrime – Events Calendar, Bookings and Tickets | Medium | 4.3 | 2024-03-09 07:01:05 | Deep Dive |
| CVE-2024-1760 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset | croixhaug | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | Medium | 4.3 | 2024-03-06 05:33:23 | Deep Dive |
| CVE-2024-0855 | Spiffy Calendar < 4.9.9 - Broken Access Control | Unknown | Spiffy Calendar | 中危 | - | 2024-02-27 08:30:29 | Deep Dive |
| CVE-2024-24817 | User can see invitees in events created in PMs and private categories | discourse | discourse-calendar | Medium | 4.3 | 2024-02-22 17:45:58 | Deep Dive |
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the the private event | discourse | discourse-calendar | Medium | 6.5 | 2024-02-21 17:19:11 | Deep Dive |
| CVE-2024-21727 | Extension - digtal-peak.com - XSS vulnerability in DP Calendar component for Joomla 8.0.0-8.0.14 | digital-peak.com | DP Calendar for Joomla | 中危 | - | 2024-02-15 06:54:29 | Deep Dive |
| CVE-2024-1122 | Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 5.3 | 2024-02-09 04:31:54 | Deep Dive |
| CVE-2024-1207 | Booking Calendar <= 9.9 - Unauthenticated SQL Injection | wpdevelop | Booking Calendar | Critical | 9.8 | 2024-02-08 08:32:08 | Deep Dive |
| CVE-2023-6557 | The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure | stellarwp | The Events Calendar | Medium | 5.3 | 2024-02-05 21:22:06 | Deep Dive |
| CVE-2023-6808 | Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | ameliabooking | Booking for Appointments and Events Calendar – Amelia | Medium | 6.4 | 2024-02-05 21:21:57 | Deep Dive |
| CVE-2023-51504 | WordPress Dan's Embedder for Google Calendar Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) | Dan Dulaney | Dan's Embedder for Google Calendar | Medium | 6.5 | 2024-02-05 05:40:25 | Deep Dive |
| CVE-2023-51520 | WordPress Booking Calendar Plugin < 9.7.4 is vulnerable to Cross Site Scripting (XSS) | WPdevelop / Oplugins | WP Booking Calendar | Medium | 6.5 | 2024-02-01 11:14:46 | Deep Dive |
| CVE-2023-52142 | WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection | Cool Plugins | Events Shortcodes For The Events Calendar | High | 7.6 | 2024-01-08 20:56:11 | Deep Dive |
| CVE-2023-51354 | WordPress Webba Booking Plugin <= 4.5.33 is vulnerable to Cross Site Request Forgery (CSRF) | WebbaPlugins | Appointment & Event Booking Calendar Plugin – Webba Booking | Medium | 4.3 | 2023-12-29 12:23:41 | Deep Dive |
| CVE-2023-50841 | WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection | Repute Infosystems | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin | High | 8.5 | 2023-12-28 18:37:41 | Deep Dive |
| CVE-2023-50842 | WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection | Matthew Fries | MF Gig Calendar | High | 8.5 | 2023-12-28 18:32:33 | Deep Dive |
| CVE-2023-50852 | WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection | StylemixThemes | Booking Calendar | Appointment Booking | BookIt | High | 7.6 | 2023-12-28 11:30:57 | Deep Dive |
| CVE-2023-50851 | WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection | N Squared | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | High | 7.6 | 2023-12-28 11:28:30 | Deep Dive |
| CVE-2023-50860 | WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS) | TMS | Booking for Appointments and Events Calendar – Amelia | Medium | 6.5 | 2023-12-28 10:14:11 | Deep Dive |