2 matches found
CVE-2022-4115
The CVE-2022-4115 entry describes a Stored XSS vulnerability in the Editorial Calendar WordPress plugin (pre-3.8.3) caused by insufficient sanitisation/escaping of plugin settings. This allows users with roles as low as Contributor to inject arbitrary scripts in the plugin admin panel, potentiall...
CVE-2013-10023
The CVE-2013-10023 issue affects the WordPress Editorial Calendar Plugin up to version 2.6. The vulnerability is in the edcal_filter_where function in edcal.php, where manipulating the edcal_startDate/edcal_endDate parameters enables an SQL injection. Exploitation can be performed remotely. Upgra...