2 matches found
CVE-2022-25612
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in Simple Event Planner WordPress plugin = 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...
CVE-2022-25612
CVE-2022-25612 affects WordPress WordPress Simple Event Planner plugin ≤ 1.5.4. The vulnerability is a stored/authenticated Cross-Site Scripting (XSS) resulting from insufficient sanitization of Event Options (e.g., event_organiser, organiser_email, organiser_contact) when a user with author or h...