4 matches found
WordPress Event Calendar plugin <= 1.0.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Event Calendar versions = 1.0.4...
CVE-2024-8701
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8701 Event Calendar <= 1.0.4 - Admin+ Stored XSS
The events-calendar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-8701
The CVE-2024-8701 entry concerns the WordPress events-calendar plugin (versions up to 1.0.4). The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multi...