Medium severity6.1NVD Advisory· Published Feb 14, 2022· Updated Jun 17, 2026
CVE-2022-0212
CVE-2022-0212
Description
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/SpiderCalendardescription
- Range: <=1.5.65
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/15be2d2b-baa3-4845-82cf-3c351c695b47nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.