Vulnerability Details CVE-2022-25611
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.1%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 3.5
References
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-authenticated-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/simple-event-planner/#developers
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-authenticated-stored-cross-site-scripting-xss-vulnerability
- https://wordpress.org/plugins/simple-event-planner/#developers
Products affected by CVE-2022-25611
-
cpe:2.3:a:presstigers:simple_event_planner:1.5.4