CVE-2025-1410

The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress Pie Calendar plugin <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via piecal Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Pie Calendar versions = 1.2.5...