Security Advisory

CVE-2022-2846

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-16 00:00:00
Last updated 2025-04-15 13:07:52
Assigner VulDB
State PUBLISHED

Description

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.