Headline
CVE-2022-36390: WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in the Totalsoft Event Calendar – Calendar plugin <= 1.4.6 for WordPress.
Verified
Fixed
CVSS 3.1 score
4.1 (Medium severity)
PSID
aee14c950d8b
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-08-25
Details
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vlad Vector (Patchstack) in WordPress Event Calendar – Calendar plugin (versions <= 1.4.6).
Solution
Update the WordPress Event Calendar – Calendar plugin to the latest available version (at least 1.4.7).