VYPR

Event Calendar

by WordPress

CVEs (2)

  • CVE-2026-0556MedFeb 19, 2026
    risk 0.42cvss 6.4epss 0.00

    The XO Event Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xo_event_field' shortcode in all versions up to, and including, 3.2.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2022-36390Sep 21, 2022
    risk 0.00cvss epss 0.00

    Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar – Calendar plugin <= 1.4.6 at WordPress.