The plugin does not sanitise and escape some of its Event Options, such as event_organiser, organiser_email and organiser_contact, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.
CPE

Name | Operator | Version |
---|---|---|
simple-event-planner | lt | 1.5.5 |
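
The fix pattern for the issue described above, as an added example that is not the plugin's own code: sanitise the three Event Options on save and escape them again on output. It is standalone PHP; the function names and sample values are hypothetical, and the comments name the WordPress helpers that normally do each step.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Sanitise on save. WordPress equivalents: sanitize_text_field(), sanitize_email().
function sanitise_event_options(array $raw): array
{
    $clean = [];
    foreach (['event_organiser', 'organiser_contact'] as $key) {
        $clean[$key] = trim(strip_tags((string) ($raw[$key] ?? '')));
    }
    $email = trim((string) ($raw['organiser_email'] ?? ''));
    // Anything that is not a syntactically valid address is stored as empty.
    $clean['organiser_email'] = filter_var($email, FILTER_VALIDATE_EMAIL) ?: '';
    return $clean;
}

// Escape on output. WordPress equivalents: esc_html(), esc_attr().
function render_organiser(array $opts): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf(
        '<p>%s <a href="mailto:%s">%s</a> <input name="contact" value="%s"></p>',
        $e($opts['event_organiser'] ?? ''),
        $e($opts['organiser_email'] ?? ''),
        $e($opts['organiser_email'] ?? ''),
        $e($opts['organiser_contact'] ?? '')
    );
}

// Constructed input, as an author-role user could submit it.
$submitted = [
    'event_organiser'   => 'Jane Doe<script>alert(1)</script>',
    'organiser_email'   => 'jane@example.org"><script>alert(1)</script>',
    'organiser_contact' => '555-0100" onfocus="alert(1)',
];

$stored = sanitise_event_options($submitted);
echo render_organiser($stored), PHP_EOL;

// Values saved before a fix may still be in the database unsanitised,
// so the output escaping has to hold on its own as well.
echo render_organiser($submitted), PHP_EOL;
```

The organiser_contact sample contains no tags, so tag stripping leaves it unchanged; only the attribute escaping at output keeps it inside the `value` attribute.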