CVE-2022-4320 - Mhsoftware Wordpress Events Calendar Plugin

Moderate 6.1

The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).

Affected software

Mhsoftware Wordpress Events Calendar Plugin

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.