4 matches found
CVE-2024-12118
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2024-12118
creationtimestamp| type| source ---|---|--- 2025-01-23 12:03:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2722 2025-01-23 12:16:05+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgfudjzlud2f 2025-01-23 12:39:52+00:00| seen|...
CVE-2024-12118
CVE-2024-12118 is a stored XSS in The Events Calendar WordPress plugin (versions
CVE-2024-12118 The Events Calendar <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar Link Widget through the htmltag attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...