Update the WordPress Spiffy Calendar plugin to the latest available version (at least 4.9.1).
FearZzZz discovered and reported this Insecure Direct Object References (IDOR) vulnerability in WordPress Spiffy Calendar Plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization, authentication, access sensitive files/folders or interact with the database. This vulnerability has been fixed in version 4.9.1.
Event deletion via CrossSite Request Forgery (CSRF) vulnerability
5.4
10.02.2022
Authenticated Reflected CrossSite Scripting (XSS) vulnerability
4.7
10.02.2022
Admin+ Persistent CrossSite Scripting (XSS) vulnerability
3.4
10.02.2022
Multiple Authenticated Reflected CrossSite Scripting (XSS) vulnerabilities
4.7
10.02.2022
Successfully submit vulnerabilities and receive an invite to our Alliance platform.
Learn more
Close
Spiffy Calendar
LinkedIn
Facebook
Twitter
Join Discord
