Total-soft Event Calendar — known CVE vulnerabilities
Every CVE whose affected-product data names Total-soft Event Calendar, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-8700 — CVSS 7.5 (high): The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to…
CVE-2022-38067 — CVSS 6.5 (medium): Unauthenticated Event Deletion vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.