Vulnerability Description
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Presstigers | Simple Event Planner | <= 1.5.4 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simThird Party Advisory
- https://wordpress.org/plugins/simple-event-planner/#developersRelease NotesThird Party Advisory
- https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simThird Party Advisory
- https://wordpress.org/plugins/simple-event-planner/#developersRelease NotesThird Party Advisory
FAQ
What is CVE-2022-25612?
CVE-2022-25612 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code v...
How severe is CVE-2022-25612?
CVE-2022-25612 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25612?
Check the references section above for vendor advisories and patch information. Affected products include: Presstigers Simple Event Planner.