🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

My Calendar – Accessible Event Manager

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > My Calendar – Accessible Event Manager

Information

Software Type	Plugin
Software Slug	my-calendar (view on wordpress.org)
Software Status	Active
Software Author	joedolson
Software Website	www.joedolson.com
Software Downloads	2,394,082
Software Active Installs	20,000
Software Record Last Updated	May 18, 2024

14 Vulnerabilities

My Calendar < 1.10.5 - Cross-Site Scripting

6.1

CVE-2012-6527

Jan 18, 2012

Researcher: Dean Batha

My Calendar < 2.3.10 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Apr 20, 2015

Researchers:

My Calendar < 2.3.30 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

May 15, 2015

Researcher: Tim Coen

My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution

9.8

CVE ID Unknown

May 15, 2015

Researcher: Joost de Valk

My Calendar <= 2.5.16 - Authenticated Stored Cross-Site Scripting

6.4

CVE ID Unknown

Apr 4, 2018

Researcher: Luigi Gubello

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting

6.1

CVE-2019-15713

Apr 30, 2019

Researchers:

My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting

5.4

CVE-2021-24927

Nov 1, 2021

Researcher: Krzysztof Zając

My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting

5.5

CVE ID Unknown

Jul 18, 2022

Researchers:

My Calendar <= 3.3.16 - Open Redirect

4.7

CVE-2022-36371

Aug 2, 2022

Researcher: Dan Kegel

My Calendar <= 3.3.24.1 - Cross-Site Request Forgery

7.1

CVE-2022-47427

Jan 3, 2023

Researcher: rezaduty

My Calendar <= 3.4.3 - Cross-Site Request Forgery

8.8

CVE-2023-23813

Jan 20, 2023

Researcher: thiennv

My Calendar <= 3.4.21 - Unauthenticated SQL Injection

9.8

CVE-2023-6360

Nov 26, 2023

Researcher: Tenable

My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2024-25916

Feb 11, 2024

Researcher: Steven Julian

My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events

4.4

CVE-2024-1274

Feb 11, 2024

Researcher: cyc707

Title	Status	CVE ID	CVSS	Researchers	Date
My Calendar < 1.10.5 - Cross-Site Scripting	Patched	CVE-2012-6527	6.1	Dean Batha	January 18, 2012
My Calendar < 2.3.10 - Reflected Cross-Site Scripting	Patched		6.1		April 20, 2015
My Calendar < 2.3.30 - Reflected Cross-Site Scripting	Patched		6.1	Tim Coen	May 15, 2015
My Calendar <= 2.3.29 - Path Traversal to Remote Code Execution	Patched		9.8	Joost de Valk	May 15, 2015
My Calendar <= 2.5.16 - Authenticated Stored Cross-Site Scripting	Patched		6.4	Luigi Gubello	April 4, 2018
My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting	Patched	CVE-2019-15713	6.1		April 30, 2019
My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting	Patched	CVE-2021-24927	5.4	Krzysztof Zając	November 1, 2021
My Calendar <= 3.3.16 - Administrator+ Stored Cross-Site Scripting	Patched		5.5		July 18, 2022
My Calendar <= 3.3.16 - Open Redirect	Patched	CVE-2022-36371	4.7	Dan Kegel	August 2, 2022
My Calendar <= 3.3.24.1 - Cross-Site Request Forgery	Patched	CVE-2022-47427	7.1	rezaduty	January 3, 2023
My Calendar <= 3.4.3 - Cross-Site Request Forgery	Patched	CVE-2023-23813	8.8	thiennv	January 20, 2023
My Calendar <= 3.4.21 - Unauthenticated SQL Injection	Patched	CVE-2023-6360	9.8	Tenable	November 26, 2023
My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	Patched	CVE-2024-25916	6.4	Steven Julian	February 11, 2024
My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events	Patched	CVE-2024-1274	4.4	cyc707	February 11, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation