WordPress Plugin Vulnerabilities

All-in-One Event Calendar <= 2.5.38 - Cross-Site Scripting (XSS)

Description

The All-in-One Event Calendar WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
all-in-one-event-calendar
Fixed in 2.5.39

References

URL
https://plugins.trac.wordpress.org/changeset/2079393/all-in-one-event-calendar

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
94f37b56-4ca1-4b8f-9511-6125043b4763

Timeline

Publicly Published
2019-05-04 (about 7 years ago)
Added
2019-05-04 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2016-09-21
Title
W3 Total Cache < 0.9.5 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2025-08-02
Title
Doctreat < 1.6.8 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Cloak & Encrypt < 2.0 - Cross-Site Scripting (XSS)
Published
2025-06-19
Title
WP-Members < 3.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-03
Title
Product Blocks for WooCommerce < 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting