Unrated severityNVD Advisory· Published Sep 21, 2022· Updated Apr 28, 2026
WordPress Event Calendar – Calendar plugin <= 1.4.6 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
CVE-2022-36390
Description
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=1.4.6
- Totalsoft/Event Calendar – Calendar (WordPress plugin)v5Range: <= 1.4.6
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.