Offshorewebmaster

offshorewebmaster

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Availability Calendar

availability_calendar

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48744 1Offshorewebmaster 1Availability Calendar Jun 17, 2026 Nov 30, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master Availability Calendar allows Cross Site Request Forgery.This issue affects Availability Calendar: from n/a through 1.2.6.
CVE-2021-24606 1Offshorewebmaster 1Availability Calendar Jun 17, 2026 Sep 20, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user a...Show more The Availability Calendar WordPress plugin before 1.2.1 does not escape the category attribute from its shortcode before using it in a SQL statement, leading to a SQL Injection issue, which can be exploited by any user able to add shortcode to posts/pages, such as contributor+Show less
CVE-2021-24604 1Offshorewebmaster 1Availability Calendar Jun 17, 2026 Sep 20, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform...Show more The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedShow less