Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.13 views

CVE-2022-4115

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

5.4CVSS5.8AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2023/06/27 2:15 p.m.20 views

CVE-2022-4115

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

5.4CVSS5.2AI score0.00444EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.11 views

CVE-2022-4115 Editorial Calendar < 3.8.3 - Contributor+ Stored XSS

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

5.7AI score0.00444EPSS
Exploits1References1
CVE
CVE
added 2023/06/27 1:17 p.m.37 views

CVE-2022-4115

The CVE-2022-4115 entry describes a Stored XSS vulnerability in the Editorial Calendar WordPress plugin (pre-3.8.3) caused by insufficient sanitisation/escaping of plugin settings. This allows users with roles as low as Contributor to inject arbitrary scripts in the plugin admin panel, potentiall...

5.4CVSS5.2AI score0.00444EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/06/27 1:17 p.m.21 views

CVE-2022-4115 Editorial Calendar < 3.8.3 - Contributor+ Stored XSS

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users...

5.4AI score0.00444EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/06/27 12:0 a.m.14 views

WordPress Editorial Calendar Plugin <= 3.8.0 is vulnerable to Cross Site Scripting (XSS)

Software Editorial Calendar Type Plugin Vulnerable versions = 3.8.0 Fixed in 3.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4115 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ecc03a6dec25 Credits iohex Required...

5.4CVSS5.7AI score0.00444EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder