WordPress Plugin Vulnerabilities

Simple Event Planner < 1.5.5 - Author+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its Event Options, such as event_organiser, organiser_email and organiser_contact which could allow users with a role as low as author to perform Cross-Site Scripting attacks

Affects Plugins

Plugin icon
simple-event-planner
Fixed in 1.5.5

References

CVE
CVE-2022-25612

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.1 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
1a4f0d82-a2c2-47fb-af30-886204f6bfab

Timeline

Publicly Published
2022-03-23 (about 4 years ago)
Added
2022-03-26 (about 4 years ago)
Last Updated
2022-04-11 (about 4 years ago)

Other

Published
Title
Published
2025-08-31
Title
Jobmonster < 4.7.9 - Reflected Cross-Site Scripting
Published
2023-02-15
Title
Feed Changer & Removerr < 0.3 - Admin+ Stored XSS
Published
2024-09-12
Title
Product Slider for WooCommerce < 1.13.51 - Reflected Cross-Site Scripting
Published
2021-11-23
Title
Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting
Published
2022-06-21
Title
Best Contact Management Software < 3.8 - Admin+ Stored Cross-Site Scripting