Lucene search
PRIOn knowledge basePRION:CVE-2022-4320HistoryJan 16, 2023 - 4:15 p.m.
Cross site scripting
2023-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
events calendar
plugin
cross-site scripting
reflected
parameter sanitization
authenticated users
unauthenticated users
high privilege
admin
0.001 Low
EPSS
Percentile
45.5%
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress_events_calendar_plugin | lt | 1.4.5 |
Related
cve
cve
CVE-2022-4320
2023-01-16 16:15:11
nuclei
nuclei
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
2023-03-18 22:07:09
wpvulndb
wpvulndb
WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS
2022-12-20 00:00:00
cvelist
cvelist
wpexploit
wpexploit
WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS
2022-12-20 00:00:00
nvd
nvd
CVE-2022-4320
2023-01-16 16:15:11