cleantalk
Vulnerabilities and Security Researches

Timely All-in-One Events Calendar, 7bc5b9f9bd90a552fab6fa68cd3846b7a17b79b1

CVE, Research URL

7bc5b9f9bd90a552fab6fa68cd3846b7a17b79b1

Home page URL

Security reports for Timely All-in-One Events Calendar

Application

Timely All-in-One Events Calendar

Published on
Apr 11, 2012
Research Description
Timely All-in-One Events Calendar [all-in-one-event-calendar] < 1.5 (closed) WordPress All-in-One Event Calendar Plugin 1.4 - "button_value" Parameter XSS WordPress All-in-One Event Calendar plugin's/wp-content/plugins/all-in-one-event-calendar/app/view/box_publish_button.php "button_value" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also possible. Update the plugin.
Affected versions
max 1.5.
Status
vulnerable
Previous vulnerability researches
Timely All-in-One Events Calendar (CVE-2012-1835) , Jun 06, 2024
Timely All-in-One Events Calendar (0ec61ea96faadfd646a8e5a7c0f9494cb3f06c0c) , Jun 16, 2026
Timely All-in-One Events Calendar (a0fdedfbfa587d3a4153c8daef074ce28f3d31f5) , Jun 16, 2026
Timely All-in-One Events Calendar (7bc5b9f9bd90a552fab6fa68cd3846b7a17b79b1) , Jun 16, 2026
Timely All-in-One Events Calendar (2ff8446e-4277-407c-b43d-4146d5e3cfdb) , Jun 16, 2026
New vulnerability
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps &amp; One (CVE-2026-56052) , Jun 26, 2026
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns &amp; Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026