Lucene search
+L

WordPress The Events Calendar Plugin < 4.8.2 XSS Vulnerability

🗓️ 16 Sep 2019 00:00:00Reported by Copyright (C) 2019 Greenbone Networks GmbHType 
openvas
 openvas
🔗 plugins.openvas.org👁 99 Views

WordPress The Events Calendar Plugin < 4.8.2 XSS Vulnerability. Allows injection of arbitrary HTML and JavaScript

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNVD
WordPress the-events-calendar plugin cross-site scripting vulnerability
23 Aug 201900:00
cnvd
CVE
CVE-2019-15109
21 Aug 201911:50
cve
Cvelist
CVE-2019-15109
21 Aug 201911:50
cvelist
EUVD
EUVD-2019-6180
7 Oct 202500:30
euvd
NVD
CVE-2019-15109
21 Aug 201912:15
nvd
OSV
CVE-2019-15109
21 Aug 201912:15
osv
Prion
Design/Logic Flaw
21 Aug 201912:15
prion
Positive Technologies
PT-2019-13989 · Modern Tribe · The Events Calendar
21 Aug 201900:00
ptsecurity
RedhatCVE
CVE-2019-15109
22 May 202508:34
redhatcve
WPVulnDB
The Events Calendar < 4.8.2 - XSS
4 Mar 201900:00
wpvulndb
Rows per page
# Copyright (C) 2019 Greenbone Networks GmbH
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.113530");
  script_version("2023-01-20T10:11:50+0000");
  script_tag(name:"last_modification", value:"2023-01-20 10:11:50 +0000 (Fri, 20 Jan 2023)");
  script_tag(name:"creation_date", value:"2019-09-16 14:59:04 +0000 (Mon, 16 Sep 2019)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-09-04 16:58:00 +0000 (Wed, 04 Sep 2019)");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_cve_id("CVE-2019-15109");

  script_name("WordPress The Events Calendar Plugin < 4.8.2 XSS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("gb_wordpress_plugin_http_detect.nasl");
  script_mandatory_keys("wordpress/plugin/the-events-calendar/detected");

  script_tag(name:"summary", value:"The WordPress plugin 'The Events Calendar' is prone
  to a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The vulnerability is exploitable via the tribe_paged URL
  parameter.");

  script_tag(name:"impact", value:"Successful exploitation would allow an attacker to inject arbitrary
  HTML and JavaScript into the site.");

  script_tag(name:"affected", value:"WordPress The Events Calendar plugin through version 4.8.1.");

  script_tag(name:"solution", value:"Update to version 4.8.2 or later.");

  script_xref(name:"URL", value:"https://wpvulndb.com/vulnerabilities/9554");
  script_xref(name:"URL", value:"https://wordpress.org/plugins/the-events-calendar/#developers");

  exit(0);
}

CPE = "cpe:/a:tri:the_events_calendar";

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe: CPE ) )
  exit( 0 );

if( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if( version_is_less( version: version, test_version: "4.8.2" ) ) {
  report = report_fixed_ver( installed_version: version, fixed_version: "4.8.2", install_path: location );
  security_message( port: port, data: report );
  exit( 0 );
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

20 Jan 2023 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24.3
CVSS 36.1
EPSS0.0106
99