WordPress Community Events plugin <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ce_venue_name' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'cevenuename' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Community Events versions = 1.5.7...