My Calendar Project My Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names My Calendar Project My Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-24927 — CVSS 5.4 (medium): The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action…
CVE-2022-47427 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.
CVE-2023-23813 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.