Medium 4.3
2026-01-05< 5.0.8
Spiffy Calendar <= 5.0.7 - Missing Authorization
Spiffy Calendar
Minimum safe version
5.0.8
Update to 5.0.8 or later to address 21 fixable vulnerabilities
Latest available5.0.11 ✓
Medium 6.5
2024-09-15< 4.9.14
CVE-2024-45457
High 7.1
2024-09-15< 4.9.14
CVE-2024-45458
High 7.6
2024-09-17< 4.9.13
CVE-2024-43969
High 7.2
2024-07-22< 4.9.12
CVE-2024-38692
Medium 6.3
2024-06-04< 4.9.11
CVE-2024-30528
Medium 5.4
2024-03-29< 4.9.10
CVE-2024-30427
Medium 5.3
2024-02-27< 4.9.9
CVE-2024-0855
Medium 6.5
2023-12-14< 4.9.6
CVE-2023-49745
N/A
2023-12-01< 4.9.6
Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Medium 5.8
2023-08-18< 4.9.4
CVE-2023-32122
N/A
2023-05-03< 4.9.4
Spiffy Calendar <= 4.9.3 - Reflected Cross-Site Scripting via page parameter
High 8.5
2023-11-03< 4.9.2
CVE-2022-46859
N/A
2022-12-16< 4.9.2
Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection
Medium 6.3
2022-05-20< 4.9.1
CVE-2022-29434
N/A
2022-02-10< 4.9.1
WordPress Spiffy Calendar plugin <= 4.9.0 - Edit/Delete event via IDOR vulnerability
N/A
2022-02-10< 4.9.1
WordPress Spiffy Calendar plugin <= 4.9.0 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
N/A
2022-02-10< 4.9.1
WordPress Spiffy Calendar plugin <= 4.9.0 - Admin+ Persistent Cross-Site Scripting (XSS) vulnerability
N/A
2022-02-10< 4.9.1
WordPress Spiffy Calendar plugin <= 4.9.0 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Medium 6.1
2017-06-05< 3.3.0
CVE-2017-9420
Medium 4.3
2022-02-21< 4.9.1
CVE-2022-25599