ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Calendar plugin <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
Calendar
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by boombyte in WordPress Calendar plugin (versions <= 1.3.10).
Solution
WordPress Calendar plugin was closed on 2018 November 2 and is no longer available for download. Please deactivate and uninstall plugin as soon as possible.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin page
CVE
Name CVE-N/A
Versions
Affected In <= 1.3.10
Disclosure date
2018-11-13
Credits
boombyte
Submitter
ThreatPress