Page 1 of 1

Calendar plugin removed from Wordpress.org due to XSS vuln

Posted: Sun Nov 04, 2018 10:47 pm
by RandomWalker
Hi Kieran,

The Calendar plugin has been removed from Wordpress.org due to an XSS vulnerability as described here:

http://wpvulndb.com/vulnerabilities/9141

This evidently applies to all versions of Calendar through the current version (1.3.10).

Do you plan to issue a patch for this?

Thanks,

-- John

Re: Calendar plugin removed from Wordpress.org due to XSS vu

Posted: Sat Feb 16, 2019 6:21 pm
by Kieran
This specific issue with the plugin was resolved and in addition a review was conducted by the WordPress plugin team. The recommendations of the team were also implemented and the plugin has been restored to the repository with a clean bill of health.

Re: Calendar plugin removed from Wordpress.org due to XSS vu

Posted: Sun Feb 17, 2019 2:57 pm
by RandomWalker
Thank you for updating this useful plugin!

— John