Vulnerability Description
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Presstigers | Simple Event Planner | <= 1.5.4 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simRelease NotesThird Party Advisory
- https://wordpress.org/plugins/simple-event-planner/#developersRelease NotesThird Party Advisory
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simRelease NotesThird Party Advisory
- https://wordpress.org/plugins/simple-event-planner/#developersRelease NotesThird Party Advisory
FAQ
What is CVE-2022-25611?
CVE-2022-25611 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parame...
How severe is CVE-2022-25611?
CVE-2022-25611 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25611?
Check the references section above for vendor advisories and patch information. Affected products include: Presstigers Simple Event Planner.