cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0855,https://securityvulnerability.io/vulnerability/CVE-2024-0855,Plugin Flaw Allows Deceiving Event Creation,"The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.",Wordpress,Spiffy Calendar,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-02-27T08:30:29.193Z,0
CVE-2022-29434,https://securityvulnerability.io/vulnerability/CVE-2022-29434,WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability,Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.,Wordpress,Spiffy Calendar,6.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2022-05-20T21:15:00.000Z,0
CVE-2022-25599,https://securityvulnerability.io/vulnerability/CVE-2022-25599,WordPress Spiffy Calendar plugin <= 4.9.0 - Event deletion via Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).,Wordpress,Spiffy Calendar (WordPress Plugin),5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2022-02-21T18:15:00.000Z,0
CVE-2017-9420,https://securityvulnerability.io/vulnerability/CVE-2017-9420,,Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.,Wordpress,Spiffy Calendar,6.1,MEDIUM,0.0010600000387057662,false,,false,false,false,,false,false,2017-06-05T19:00:00.000Z,0