Event Calendar < 1.4.7 - Reflected Cross-Site Scripting

2022-08-2500:00:00

wpscan.com

0.001 Low

EPSS

Percentile

23.0%

JSON

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting exploitable against any authenticated user

CPENameOperatorVersion
calendar-eventlt1.4.7

CPE	Name	Operator	Version
	calendar-event	lt	1.4.7

0.001 Low

EPSS

Percentile

23.0%

JSON

Related for WPVDB-ID:5B59EFA9-C875-4417-A2D8-2D22F9BD3DB4