Skip to main content
Loading…
    CVE-2026-1902 — The Hammas Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apix' parameter in the 'hp-calendar-manage-redirect' shortcode in all versions up to, and — CVE Database · The Intelligence Room