cleantalk
Vulnerabilities and Security Researches

Timely All-in-One Events Calendar, CVE-2012-1835

CVE, Research URL

CVE-2012-1835

Home page URL

Security reports for Timely All-in-One Events Calendar

Application

Timely All-in-One Events Calendar

Published on
Aug 15, 2012
Research Description
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.
Affected versions
max 1.8.2.
Status
vulnerable
Previous vulnerability researches
Timely All-in-One Events Calendar (CVE-2012-1835) , Jun 06, 2024
Timely All-in-One Events Calendar (0ec61ea96faadfd646a8e5a7c0f9494cb3f06c0c) , Jun 16, 2026
Timely All-in-One Events Calendar (a0fdedfbfa587d3a4153c8daef074ce28f3d31f5) , Jun 16, 2026
Timely All-in-One Events Calendar (7bc5b9f9bd90a552fab6fa68cd3846b7a17b79b1) , Jun 16, 2026
Timely All-in-One Events Calendar (2ff8446e-4277-407c-b43d-4146d5e3cfdb) , Jun 16, 2026
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026