Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/05/19 3:16 a.m.6 views

WordPress Event Calendar plugin <= 1.0.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Event Calendar versions = 1.0.4...

4.8CVSS6AI score0.00266EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-8701

The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.20 views

CVE-2024-8701 Event Calendar <= 1.0.4 - Admin+ Stored XSS

The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.30 views

CVE-2024-8701

The CVE-2024-8701 entry concerns the WordPress events-calendar plugin (versions up to 1.0.4). The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multi...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder