Vulnerabilites related to mf_gig_calendar_project - mf_gig_calendar
Vulnerability from fkie_nvd
Published
2021-09-13 18:15
Modified
2024-11-21 05:53
Severity ?
Summary
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:wordpress:*:*:*",
"matchCriteriaId": "28CB3C7B-9238-4BB3-A23F-CDC8AFDAF244",
"versionEndIncluding": "1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
},
{
"lang": "es",
"value": "El plugin MF Gig Calendar de WordPress versiones hasta 1.1, no sanea o escapa del par\u00e1metro id GET antes de mostrarlo en el panel de administraci\u00f3n cuando se edita un evento, conllevando a un problema de tipo Cross-Site Scripting reflejado"
}
],
"id": "CVE-2021-24510",
"lastModified": "2024-11-21T05:53:12.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-13T18:15:15.800",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified"
}
Vulnerability from fkie_nvd
Published
2024-04-26 08:15
Modified
2025-04-15 20:02
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Matthew Fries MF Gig Calendar. Este problema afecta a MF Gig Calendar: desde n/a hasta 1.2.1."
}
],
"id": "CVE-2024-33651",
"lastModified": "2025-04-15T20:02:09.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-26T08:15:13.370",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-01 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | 0.9.2 | |
| wordpress | wordpress | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4460DB-793E-493F-A217-9BFAF87866E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el complemento MF Gig Calendar para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cadena de consulta en la p\u00e1gina de calendario."
}
],
"id": "CVE-2012-4242",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-10-01T23:55:01.440",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55622"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-04-18 12:54
Severity ?
Summary
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack"
},
{
"lang": "es",
"value": "El complemento MF Gig Calendar de WordPress hasta la versi\u00f3n 1.2.1 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los Colaboradores registrados y superiores eliminen eventos arbitrarios mediante un ataque CSRF."
}
],
"id": "CVE-2024-3756",
"lastModified": "2025-04-18T12:54:00.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T06:15:07.197",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-27 15:15
Modified
2024-11-21 08:12
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A989C31E-A60C-4319-A6B7-90C3406F8622",
"versionEndExcluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin \u003c=\u00a01.2 versions."
}
],
"id": "CVE-2023-37970",
"lastModified": "2024-11-21T08:12:36.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-27T15:15:10.353",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-06 06:15
Modified
2025-04-18 12:55
Severity ?
Summary
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
"value": "El complemento MF Gig Calendar de WordPress hasta la versi\u00f3n 1.2.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el editor, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"id": "CVE-2024-3755",
"lastModified": "2025-04-18T12:55:12.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-06T06:15:07.140",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-28 19:15
Modified
2024-11-21 08:37
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mf_gig_calendar_project | mf_gig_calendar | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Matthew Fries MF Gig Calendar. Este problema afecta a MF Gig Calendar: desde n/a hasta 1.2.1."
}
],
"id": "CVE-2023-50842",
"lastModified": "2024-11-21T08:37:23.557",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-28T19:15:14.833",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "audit@patchstack.com",
"type": "Primary"
}
]
}
CVE-2024-3755 (GCVE-0-2024-3755)
Vulnerability from cvelistv5
Published
2024-05-06 06:00
Modified
2024-11-21 17:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | MF Gig Calendar |
Version: 0 ≤ 1.2.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T19:46:41.610883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T17:05:56.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MF Gig Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-06T06:00:01.752Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d34caeaf-2ecf-44a2-b308-e940bafd402c/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MF Gig Calendar \u003c= 1.2.1 - Editor+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3755",
"datePublished": "2024-05-06T06:00:01.752Z",
"dateReserved": "2024-04-12T21:50:42.624Z",
"dateUpdated": "2024-11-21T17:05:56.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4242 (GCVE-0-2012-4242)
Vulnerability from cvelistv5
Published
2012-10-01 23:00
Modified
2024-08-06 20:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/55622 | vdb-entry, x_refsource_BID | |
| http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:28:07.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55622",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55622",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55622"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4242",
"datePublished": "2012-10-01T23:00:00",
"dateReserved": "2012-08-09T00:00:00",
"dateUpdated": "2024-08-06T20:28:07.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3756 (GCVE-0-2024-3756)
Vulnerability from cvelistv5
Published
2024-05-06 06:00
Modified
2024-08-01 20:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/ | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | MF Gig Calendar |
Version: 0 ≤ 1.2.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "mf_gig_calendar",
"vendor": "mf_gig_calendar_project",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3756",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:38:17.741902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T14:38:30.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MF Gig Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-06T06:00:02.125Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MF Gig Calendar \u003c= 1.2.1 - Arbitrary Event Deletion via CSRF",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-3756",
"datePublished": "2024-05-06T06:00:02.125Z",
"dateReserved": "2024-04-12T21:51:50.509Z",
"dateUpdated": "2024-08-01T20:20:00.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33651 (GCVE-0-2024-33651)
Vulnerability from cvelistv5
Published
2024-04-26 07:09
Modified
2024-08-02 02:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Matthew Fries | MF Gig Calendar |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:05:16.580046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T20:14:31.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mf-gig-calendar",
"product": "MF Gig Calendar ",
"vendor": "Matthew Fries",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Khalid (Patchstack Alliance)"
}
],
"datePublic": "2024-04-26T09:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.\u003cp\u003eThis issue affects MF Gig Calendar : from n/a through 1.2.1.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-06T09:29:47.752Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-02T09:26:00.000Z",
"value": "Report received from the security researcher Khalid (Patchstack Alliance)."
},
{
"lang": "en",
"time": "2023-10-03T09:26:00.000Z",
"value": "Vendor notified about the vulnerability."
},
{
"lang": "en",
"time": "2024-03-07T10:26:00.000Z",
"value": "WordPress plugins review team notified since vendor was not responding."
},
{
"lang": "en",
"time": "2024-03-07T10:27:00.000Z",
"value": "Plugin is closed from the public access on the WordPress.org repository due to vulnerability report."
},
{
"lang": "en",
"time": "2024-04-25T09:28:00.000Z",
"value": "Vulnerability disclosed."
}
],
"title": "WordPress MF Gig Calendar plugin \u003c= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-33651",
"datePublished": "2024-04-26T07:09:47.441Z",
"dateReserved": "2024-04-25T09:19:09.422Z",
"dateUpdated": "2024-08-02T02:36:04.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24510 (GCVE-0-2021-24510)
Vulnerability from cvelistv5
Published
2021-09-13 17:56
Modified
2024-08-03 19:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39 | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | MF Gig Calendar |
Version: 0 < 1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "MF Gig Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "iohex"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-20T08:43:39.609Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MF Gig Calendar \u003c 1.2 - Reflected Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24510",
"datePublished": "2021-09-13T17:56:22",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37970 (GCVE-0-2023-37970)
Vulnerability from cvelistv5
Published
2023-07-27 14:30
Modified
2024-09-25 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Matthew Fries | MF Gig Calendar |
Version: n/a < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T16:34:58.409327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T16:57:31.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mf-gig-calendar",
"product": "MF Gig Calendar",
"vendor": "Matthew Fries",
"versions": [
{
"changes": [
{
"at": "1.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;1.2 versions.\u003c/span\u003e"
}
],
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin \u003c=\u00a01.2 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T14:30:03.127Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;1.2.1 or a higher version."
}
],
"value": "Update to\u00a01.2.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress MF Gig Calendar Plugin \u003c= 1.2 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-37970",
"datePublished": "2023-07-27T14:30:03.127Z",
"dateReserved": "2023-07-11T11:34:41.812Z",
"dateUpdated": "2024-09-25T16:57:31.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50842 (GCVE-0-2023-50842)
Vulnerability from cvelistv5
Published
2023-12-28 18:32
Modified
2024-08-02 22:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Matthew Fries | MF Gig Calendar |
Version: n/a < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:44.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "mf-gig-calendar",
"product": "MF Gig Calendar",
"vendor": "Matthew Fries",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abu Hurayra (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Matthew Fries MF Gig Calendar.\u003cp\u003eThis issue affects MF Gig Calendar: from n/a through 1.2.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T18:32:33.166Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-sql-injection-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress MF Gig Calendar Plugin \u003c= 1.2.1 is vulnerable to SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-50842",
"datePublished": "2023-12-28T18:32:33.166Z",
"dateReserved": "2023-12-14T17:19:02.629Z",
"dateUpdated": "2024-08-02T22:23:44.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}