Filtered by vendor Strix-bubol5
Subscriptions
Filtered by product Holiday Class Post Calendar
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12813 | 2 Strix-bubol5, Wordpress | 2 Holiday Class Post Calendar, Wordpress | 2025-11-12 | 9.8 Critical |
| The Holiday class post calendar plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.1 via the 'contents' parameter. This is due to a lack of sanitization of user-supplied data when creating a cache file. This makes it possible for unauthenticated attackers to execute code on the server. | ||||
Page 1 of 1.