WordPress Plugin Vulnerabilities

Google Calendar Events < 2.0.4 - XSS

Description

The Simple Calendar – Google Calendar Plugin WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
google-calendar-events
Fixed in 2.0.4

References

CVE
CVE-2014-7138
URL
https://packetstormsecurity.com/files/#128626/
URL
https://www.securityfocus.com/archive/1/533640/100/0/threaded
URL
https://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43
URL
https://www.immuniweb.com/advisory/HTB23235
URL
https://exchange.xforce.ibmcloud.com/vulnerabilities/96867

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
Yes
WPVDB ID
fda9876c-3a05-42f6-9bf8-92b2e40715c2

Timeline

Publicly Published
2014-10-08 (about 11 years ago)
Added
2019-08-21 (about 6 years ago)
Last Updated
2019-11-27 (about 6 years ago)

Other

Published
Title
Published
2025-01-06
Title
Booking Calendar and Booking Calendar Pro <= Multiple Versions - Reflected Cross-Site Scripting via 'calendar_id'
Published
2024-05-21
Title
Elegant Addons for elementor <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML tags
Published
2022-10-17
Title
WP < 6.0.3 - Reflected XSS via SQLi in Media Library
Published
2025-01-14
Title
Lijit Search <= 1.1 - Reflected Cross-Site Scripting
Published
2024-06-12
Title
Elementor Header & Footer Builder < 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget