4 matches found
CVE-2022-4320
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high-privilege ones like admin...
CVE-2022-4320
creationtimestamp| type| source ---|---|--- 2025-04-04 18:36:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10524...
CVE-2022-4320 WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users such as high-privilege ones like admin...
CVE-2022-4320
CVE-2022-4320 affects the WordPress Events Calendar plugin prior to version 1.4.5. The issue is improper sanitization/escaping of a parameter, allowing Reflected XSS that can affect both unauthenticated and authenticated users (including admins). Proof-of-concept details and PoCs are available in...