CVE-2022-1324

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2022-1324

The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

PT-2022-13798 · WordPress · Event Timeline Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Event Timeline WordPress plugin versions 1.1.5 and earlier Description: The issue allows high-privileged users, such as admins, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Timeline Text, even when...

WordPress Event Timeline plugin <= 1.1.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Event Timeline plugin versions = 1.1.6. Solution No patched version available...