Update the WordPress Spiffy Calendar plugin to the latest available version (at least 4.9.1).
FearZzZz discovered and reported this Insecure Direct Object References (IDOR) vulnerability in the WordPress Spiffy Calendar plugin. An insecure direct object reference vulnerability could allow a malicious actor to bypass authorization or authentication, access sensitive files or folders, or interact with the database. This vulnerability has been fixed in version 4.9.1.
Event deletion via Cross-Site Request Forgery (CSRF) vulnerability
10.02.2022
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
10.02.2022
Admin+ Persistent Cross-Site Scripting (XSS) vulnerability
10.02.2022
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
10.02.2022