Every CVE whose affected-product data names Kieranoshea Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2013-2698 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in the Calendar plugin before 1.3.3 for WordPress allows remote attackers to hijack the…
CVE-2018-18872 — CVSS 5.4 (medium): The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=cale…