Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0).CreditsVulnerability discovered by Ngo Van Thien (Patchstack Red Team project).Referenceshttps://wordpress.org/plugins/spiffy-calendar/#developershttps://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-0-event-deletion-via-cross-site-request-forgery-csrf-vulnerability
