6 matches found
CVE-2025-8777
The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8777 planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter
The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-8777
The CVE-2025-8777 entry concerns the WordPress planetcalc plugin (versions
CVE-2025-8777 planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter
The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress planetcalc plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via language Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin planetcalc versions = 2.2...
PT-2025-39946
Name of the Vulnerable Software and Affected Versions planetcalc plugin for WordPress versions up to and including 2.2 Description The planetcalc plugin for WordPress is susceptible to Stored Cross-Site Scripting through the language parameter. Insufficient input sanitization and output escaping...