Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
CPE | Name | Operator | Version |
---|---|---|---|
simple_event_planner | le | 1.5.4 |