Security Advisory

CVE-2022-4115

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-27 13:17:14

Last updated 2024-11-27 19:38:53

Assigner WPScan

State PUBLISHED

Description

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

← Browse all CVEs View on cve.org ↗