cleantalk
Vulnerabilities and Security Researches

WordPress Events Calendar Plugin – connectDaily, CVE-2022-4320

CVE, Research URL

CVE-2022-4320

Home page URL

Security reports for WordPress Events Calendar Plugin – connectDaily

Application

WordPress Events Calendar Plugin – connectDaily

Published on
Jan 16, 2023
Research Description
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).
Affected versions
Min -, max 1.4.5.
Status
vulnerable
Previous vulnerability researches
WordPress Events Calendar Plugin – connectDaily (CVE-2022-4320) , Jun 07, 2024
WordPress Events Calendar Plugin – connectDaily (CVE-2025-32597) , Apr 11, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025