Authenticated Stored Cross-Site Scripting (XSS)

Support for the WordPress Calendar plugin
Sea-Wing_Designs
Posts: 1
Joined: Tue Dec 04, 2018 9:02 pm

Authenticated Stored Cross-Site Scripting (XSS)

Unread post by Sea-Wing_Designs » Tue Dec 04, 2018 9:28 pm

In doing a Sucuri scan a potential vulnerability was found with this plugin:

Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting (XSS)

How can this be fixed?

User avatar
Kieran
Posts: 2060
Joined: Sat May 26, 2007 1:55 pm
Location: London
Contact:

Re: Authenticated Stored Cross-Site Scripting (XSS)

Unread post by Kieran » Sat Feb 16, 2019 6:22 pm

This specific issue with the plugin was resolved and in addition a review was conducted by the WordPress plugin team. The recommendations of the team were also implemented and the plugin has been restored to the repository with a clean bill of health.

To get these fixes and remove the error message you're seeing, just use the WordPress dashboard to upgrade to the latest version of calendar which contains these fixes.

Post Reply