WordPress Koalendar plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via height Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Koalendar versions = 1.0.2...

EUVD-2024-34276

Malicious code in bioql PyPI...

CVE-2024-11855

The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-11855

The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-11855

CVE-2024-11855 (Koalendar – WordPress plugin): Stored XSS via the height parameter in Koalendar up to version 1.0.2. Exploitable by authenticated users with Contributor+ access, allowing arbitrary scripts on pages viewed by other users. The incident is noted as patched by security sources; detail...

CVE-2024-11855 Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter

The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-11855 Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter

The Koalendar – Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘height’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2024-17296 · WordPress · Koalendar – Events & Appointments Booking Calendar

Name of the Vulnerable Software and Affected Versions: Koalendar – Events & Appointments Booking Calendar plugin for WordPress versions prior to 1.0.3 Description: The issue is related to Stored Cross-Site Scripting via the height parameter due to insufficient input sanitization and output...

WordPress plugin Koalendar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...