Unrated severityNVD Advisory· Published Jan 16, 2023· Updated Apr 4, 2025
WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS
CVE-2022-4320
Description
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (such as high-privilege ones like admin).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.4.5
- Range: < 1.4.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/f1244c57-d886-4a6e-8cdb-18404e8c153cmitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.