Lucene search
Krzysztof ZajΔ
cWPVDB-ID:15BE2D2B-BAA3-4845-82CF-3C351C695B47HistoryJan 13, 2022 - 12:00 a.m.
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-1300:00:00
Krzysztof ZajΔ
c
wpscan.com
4
spidercalendar
plugin
version 1.5.65
reflected cross-site scripting
callback parameter
window ajax action
unauthenticated users
authenticated users
closure
maintenance
security issue
EPSS
0.001
Percentile
36.8%
The plugin does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. Note: Vendor decided to close the plugin and it wonβt be maintained anymore
PoC
Related
cnvd
cnvd
WordPress SpiderCalendar pluginθ·¨η«θζ¬ζΌζ΄
2022-02-16 00:00:00
cve
cve
CVE-2022-0212
2022-02-14 12:15:16
patchstack
patchstack
prion
prion
Cross site scripting
2022-02-14 12:15:00
cvelist
cvelist
CVE-2022-0212 SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-02-14 09:21:08
nvd
nvd
CVE-2022-0212
2022-02-14 12:15:16
nuclei
nuclei
WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting
2023-03-31 11:28:24
wpexploit
wpexploit
SpiderCalendar <= 1.5.65 - Reflected Cross-Site Scripting
2022-01-13 00:00:00