Page 1 of 1

Authenticated Stored Cross-Site Scripting (XSS)

Posted: Tue Dec 04, 2018 9:28 pm
by Sea-Wing_Designs
In doing a Sucuri scan a potential vulnerability was found with this plugin:

Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS)

How can this be fixed?

Re: Authenticated Stored Cross-Site Scripting (XSS)

Posted: Sat Feb 16, 2019 6:22 pm
by Kieran
This specific issue with the plugin was resolved and in addition a review was conducted by the WordPress plugin team. The recommendations of the team were also implemented and the plugin has been restored to the repository with a clean bill of health.

To get these fixes and remove the error message you're seeing, just use the WordPress dashboard to upgrade to the latest version of calendar which contains these fixes.