The VR Calendar plugin for WordPress is an outdated version that can be misused by someone with administrative privileges. It can be used to access files, sensitive information, or even execute code on the website. This can be done even if only images or other “safe” file types can be uploaded. An attacker can also take advantage of this vulnerability using something called Cross-site Request Forgery.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
© Really Simple Plugins
CoC 70461155
Kalmarweg 14-5
9723 JG, Groningen (NL)
