Vulnerabilities for 'Eventcalendar'

2022-01-17
 
CVE-2021-25024

CWE-79
 

 
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues.

 
 
CVE-2021-25025

CWE-862
 

 
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events.

 

Vendor: Theeventscalendar (2 products)
- Eventbrite tickets
- Eventcalendar


Copyright 2022, cxsecurity.com

 
