Search Results (6 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2362 | 2 Joedolson, Wordpress | 2 Wp Accessibility, Wordpress | 2026-02-27 | 6.4 Medium |
| The WP Accessibility plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the 'alt' attribute of images processed by the "Long Description UI" feature in all versions up to, and including, 2.3.1. This is due to the plugin's JavaScript retrieving the alt attribute using getAttribute() and unsafely concatenating it into innerHTML and insertAdjacentHTML calls without proper sanitization or escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the "Long Description UI" setting to be enabled and set to "Link to description." | ||||
| CVE-2025-67592 | 2 Joedolson, Wordpress | 2 My-calendar, Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in Joe Dolson My Calendar my-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects My Calendar: from n/a through <= 3.6.16. | ||||
| CVE-2024-1274 | 1 Joedolson | 1 My Calendar | 2025-05-07 | 5.4 Medium |
| The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin). | ||||
| CVE-2012-6527 | 2 Joedolson, Wordpress | 2 My Calendar, Wordpress | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the My Calendar plugin before 1.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | ||||
| CVE-2023-6360 | 1 Joedolson | 1 My Calendar | 2024-11-21 | 8.6 High |
| The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an unauthenticated SQL injection vulnerability in the 'from' and 'to' parameters in the '/my-calendar/v1/events' rest route. | ||||
| CVE-2023-34377 | 1 Joedolson | 1 My Content Management | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | ||||