Search Results | AttackerKB

Show filters

Topics 4 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

4 Total Results

Displaying 1-4 of 4

Attacker Value

Unknown

CVE-2023-23813

Disclosure Date: May 22, 2023 (last updated October 08, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-47427

Disclosure Date: March 15, 2023 (last updated November 08, 2023)

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2021-24927

Disclosure Date: November 29, 2021 (last updated February 23, 2025)

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2019-15713

Disclosure Date: August 28, 2019 (last updated November 27, 2024)

The my-calendar plugin before 3.1.10 for WordPress has XSS.

0