CVE-2022-2846
published 2022-08-16CVE-2022-2846: The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also…
PriorityP431medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EXPLOIT
EPSS
2.18%
80.1th percentile
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in it.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dwbooster | calendar_event_multi_view | < 1.4.07 | 1.4.07 |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657chttp://packetstormsecurity.com/files/171697/Calendar-Event-Multi-View-1.4.07-Cross-Site-Scripting.htmlhttps://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c
2022-08-16
Published