Skip to main content

Vr Calendar

3 CVEs product

Monthly

CVE-2025-5936 MEDIUM This Month

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF Vr Calendar PHP
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2022-3852 HIGH PATCH This Week

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Vr Calendar
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-2314 CRITICAL POC THREAT Act Now

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Command Injection Vr Calendar
NVD WPScan
CVSS 3.1
9.8
EPSS
12.4%
EPSS 0% CVSS 4.3
MEDIUM This Month

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar() function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

WordPress CSRF Vr Calendar +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Vr Calendar
NVD VulDB
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Command Injection +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy