Product
total soft event calendar
7 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-8700
CVE-2022-36390
CVE-2022-38067
CVE-2021-25025
CVE-2021-25024
CVE-2018-6398
CVE-2007-6365
<= 1.0.4
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated use
<= 1.4.6
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.
<= 1.4.6
Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar - Calendar plugin <= 1.4.6 at WordPress.
< 1.1.51
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX
< 1.1.51
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading
all versions
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
all versions
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers