← back
CVE-2022-2314

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

EPSS 12.4%CWE-78
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 12.4%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
15 Aug 2022Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
Affected products
Unknown · VR Calendar

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82