Calendar
CVE-2013-2698
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors.
AnalysisAI
Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the authentication of users for requests that add a calendar entry via unspecified vectors. Affected products include: Kieranoshea Calendar. Version information: before 1.3.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
Nextcloud Calendar is a calendar application for the nextcloud framework. Rated critical severity (CVSS 9.8), this vulne
OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote
A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available
Nextcloud calendar is a calendar app for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerabi
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attack
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authent
Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users t
HumHub Calendar module versions prior to 1.8.11 contain a stored XSS vulnerability in Event Types that allows attackers
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rated
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows atta
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today