Vulnerability Details CVE-2022-25612
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.1%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 3.5
References
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities
- https://wordpress.org/plugins/simple-event-planner/#developers
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities
- https://wordpress.org/plugins/simple-event-planner/#developers
Products affected by CVE-2022-25612
-
cpe:2.3:a:presstigers:simple_event_planner:1.5.4