CVE-2024-10186

The Event post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eventscal shortcode in all versions up to, and including, 5.9.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Event Post plugin <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via eventscal Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Event post versions = 5.9.6...