Headline
CVE-2022-25612: WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities - Patchstack
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in the Simple Event Planner WordPress plugin <= 1.5.4 allow a user with author or higher rights to inject malicious code via the vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
Fixed
CVSS 3.1 score: 4.1 (Medium severity)
Vulnerable versions
<= 1.5.4
PSID
56a261c950ae
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires author or higher role user authentication.
Credits
Ex.Mi (Patchstack)
Publicly disclosed
2022-03-23
Details
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi (Patchstack) in WordPress Simple Event Planner plugin (versions <= 1.5.4).
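The advisory names three organiser fields that an author-level user can submit and that are later rendered back to other users, the classic stored XSS pattern. The following PHP is an added illustration of that pattern and its fix, written for this page; it is not the Simple Event Planner plugin's code. The meta keys, function names, nonce action and the mail/contact markup are assumptions, and only the three parameter names come from the advisory. It shows the unsafe shape (store the raw request value, echo it unescaped) beside the hardened shape (capability and nonce check, sanitize on save, escape on output for the specific HTML context).

```php
<?php
// Added example, not the plugin's own code. Meta keys, nonce action and
// hook names are assumptions; only the custom[...] field names are from the advisory.

// --- Vulnerable pattern ---------------------------------------------------
// The submitted value is stored verbatim and later echoed without escaping,
// so whatever an author-role user typed becomes part of the page for every viewer.
function sep_example_save_organiser_unsafe( $post_id ) {
    if ( isset( $_POST['custom']['event_organiser'] ) ) {
        update_post_meta( $post_id, '_event_organiser', $_POST['custom']['event_organiser'] );
    }
}
function sep_example_render_organiser_unsafe( $post_id ) {
    echo '<p>' . get_post_meta( $post_id, '_event_organiser', true ) . '</p>';
}

// --- Hardened pattern -----------------------------------------------------
function sep_example_save_organiser( $post_id ) {
    // Only users allowed to edit this post may write its meta.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // Nonce field/action names are assumed; they tie the request to the edit form.
    if ( ! isset( $_POST['sep_example_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['sep_example_nonce'] ), 'sep_example_save' ) ) {
        return;
    }
    $custom = ( isset( $_POST['custom'] ) && is_array( $_POST['custom'] ) )
        ? wp_unslash( $_POST['custom'] )
        : array();

    // Sanitize each field for the kind of value it is supposed to hold.
    $organiser = isset( $custom['event_organiser'] )  ? sanitize_text_field( $custom['event_organiser'] )  : '';
    $email     = isset( $custom['organiser_email'] )   ? sanitize_email( $custom['organiser_email'] )        : '';
    $contact   = isset( $custom['organiser_contact'] ) ? sanitize_text_field( $custom['organiser_contact'] ) : '';

    update_post_meta( $post_id, '_event_organiser', $organiser );
    update_post_meta( $post_id, '_organiser_email', $email );
    update_post_meta( $post_id, '_organiser_contact', $contact );
}

function sep_example_render_organiser( $post_id ) {
    $organiser = get_post_meta( $post_id, '_event_organiser', true );
    $email     = get_post_meta( $post_id, '_organiser_email', true );
    $contact   = get_post_meta( $post_id, '_organiser_contact', true );

    // Escape at output time, choosing the escaper for the HTML context:
    // element text -> esc_html, href -> esc_url, attribute value -> esc_attr.
    echo '<p>' . esc_html( $organiser ) . '</p>';
    echo '<a href="' . esc_url( 'mailto:' . $email ) . '">' . esc_html( $email ) . '</a>';
    echo '<input type="text" value="' . esc_attr( $contact ) . '" readonly>';
}
```

Sanitizing on save limits what gets stored, but output escaping is the control that actually prevents stored XSS, and it has to match the context (text node, URL, attribute) because one escaper does not cover the others. Authors in a default WordPress install do not hold the unfiltered_html capability, which is exactly why plugin code that bypasses WordPress's own filtering by storing raw request data is the problem here.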
Solution
Update the WordPress Simple Event Planner plugin to the latest available version (at least 1.5.5).
References
CVE-2022-25612
Plugin changelog