Calendar, CVE-2018-18872

CVE, Research URL: CVE-2018-18872
Home page URL: Security reports for Calendar
Application: Calendar
Published on: May 13, 2019
Research Description: The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.
Affected versions: max 1.3.11.
Status: vulnerable