Medium severity4.1NVD Advisory· Published Mar 25, 2022· Updated Jun 17, 2026
CVE-2022-25612
CVE-2022-25612
Description
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.5.4
- PressTigers/Simple Event Planner (WordPress plugin)v5Range: <= 1.5.4
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilitiesnvdThird Party Advisory
- wordpress.org/plugins/simple-event-planner/nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.