Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-03-25T18:02:36.241837Z

Updated: 2024-09-16T19:26:05.261Z

Reserved: 2022-02-21T00:00:00

Link: CVE-2022-25612

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-25T19:15:10.890

Modified: 2024-11-21T06:52:26.593

Link: CVE-2022-25612

cve-icon Redhat

No data.