Easy Event calendar <= 1.0 – Admin+ Stored XSS | CVE 2023-28169

Affects Plugins

easy-event-calendar

No known fix

References

CVE

CVE-2023-28169

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Nithissh S

Verified

No

WPVDB ID

fe789056-67ef-42e3-882b-12c14a32b12f

Timeline

Publicly Published

2023-03-14 (about 3 years ago)

Added

2023-05-09 (about 3 years ago)

Last Updated

2023-05-09 (about 3 years ago)

Other

Published

Title

Published

2021-07-19

Title

YouTube Embed < 5.2.2 - Contributor+ Stored XSS

Published

2024-07-08

Title

Panda Video < 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-11-17

Title

GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS

Published

2019-07-03

Title

MyBookTable <= 3.2.2 - Multiple XSS

Published

2024-03-28

Title

B Slider - Slider for your block editor < 1.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting