Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Availability Calendar 1.2.6

  • Severity: medium-risk
  • Status: Open
  • Publication: November 24, 2023

The Availability Calendar plugin for WordPress is vulnerable to attack if you are using versions 1.2.6 or earlier. This means that someone with malicious intent, who can get a site administrator to click on a link, can create an availability window. This is because the plugin is missing or not correctly using a security feature called a nonce validation on the add_availability_calendar_create_admin_page() function.

Detected in:

Availability Calendar open vulnerable versions: >= * <= 1.2.6

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.