3 matches found
CVE-2023-2406
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficien...
CVE-2023-2406
The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 1.3.1 due to insufficien...
CVE-2023-2406
The CVE-2023-2406 issue affects the WordPress plugins Event Registration Calendar By vcita (up to v3.9.1) and Online Payments – Get Paid with PayPal, Square & Stripe (up to v1.3.1). Root cause: insufficient input sanitization and output escaping on the email parameter, enabling Stored XSS. Exploi...