Calendar plugin removed from Wordpress.org due to XSS vuln

Support for the WordPress Calendar plugin
RandomWalker
Posts: 2
Joined: Sun Nov 04, 2018 6:59 pm

Calendar plugin removed from Wordpress.org due to XSS vuln

Unread post by RandomWalker » Sun Nov 04, 2018 10:47 pm

Hi Kieran,

The Calendar plugin has been removed from Wordpress.org due to an XSS vulnerability as described here:

http://wpvulndb.com/vulnerabilities/9141

This evidently applies to all versions of Calendar through the current version (1.3.10).

Do you plan to issue a patch for this?

Thanks,

-- John

User avatar
Kieran
Posts: 2058
Joined: Sat May 26, 2007 1:55 pm
Location: London
Contact:

Re: Calendar plugin removed from Wordpress.org due to XSS vu

Unread post by Kieran » Sat Feb 16, 2019 6:21 pm

This specific issue with the plugin was resolved and in addition a review was conducted by the WordPress plugin team. The recommendations of the team were also implemented and the plugin has been restored to the repository with a clean bill of health.

RandomWalker
Posts: 2
Joined: Sun Nov 04, 2018 6:59 pm

Re: Calendar plugin removed from Wordpress.org due to XSS vu

Unread post by RandomWalker » Sun Feb 17, 2019 2:57 pm

Thank you for updating this useful plugin!

— John

Post Reply