Theeventscalendar: >> Eventcalendar Security Vulnerabilities
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues
CVSS Score
6.1
EPSS Score
0.002
Published
2022-01-17
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
CVSS Score
4.3
EPSS Score
0.001
Published
2022-01-17