Vr Calendar

vr_calendar

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5936 1Vr Calendar Project 1Vr Calendar Jul 7, 2025 Jun 27, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This make...Show more The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-3852 1Vr Calendar Project 1Vr Calendar Apr 8, 2026 Nov 3, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible...Show more The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-2314 1Vr Calendar Project 1Vr Calendar Nov 21, 2024 Aug 15, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.