WordPress Plugin Vulnerabilities

Calendar <= 1.3.7 - Cross-Site Scripting (XSS)

Description

The Calendar WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
calendar
Fixed in 1.3.8

References

URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_calendar_wordpress_plugin.html
URL
https://plugins.trac.wordpress.org/changeset/1485159

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
d81eb5c2-ce77-44e7-bc85-840821673b96

Timeline

Publicly Published
2016-11-08 (about 7 years ago)
Added
2016-11-08 (about 7 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2024-02-12
Title
Bold Page Builder < 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link
Published
2017-06-22
Title
Analytics Tracker < 1.1.1 - XSS
Published
2021-08-18
Title
Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting
Published
2024-04-30
Title
Ultimate Under Construction < 1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2015-02-02
Title
WordPress Calls to Action <= 2.2.7 - Stored XSS