WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress EventCalendar plugin prior to 1.1.15, which stems from the plugin’s failure to escape certain user input before outputting it back to properties. An attacker could exploit this vulnerability to cause a reflection cross-site scripting issue.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress eventcalendar plugin | lt | 1.1.51 |