CVE-2018-18872
The vulnerability CVE-2018-18872 affects the WordPress Kieran O’Shea Calendar plugin prior to 1.3.11. It enables Stored XSS via the event_title field in wp-admin/admin.php?page=calendar add action or via the category name during calendar-categories creation. Root cause is insufficient validation/...