Log out
Get PRO

Latest

Input validation vulnerability in Event Registration Calendar By vcita 1.3.1

  • Severity: medium-risk
  • Status: Open
  • Publication: June 2, 2023

Two plugins for WordPress, the Event Registration Calendar By vcita and the Online Payments – Get Paid with PayPal, Square & Stripe plugin, are vulnerable to a type of security threat called Stored Cross-Site Scripting. This happens when a user with certain privileges, such as contributors and above, is able to inject web scripts into pages that can be executed whenever someone accesses the page. Versions up to and including 1.3.1 of the Event Registration Calendar By vcita plugin and versions up to and including 3.9.1 of the Online Payments – Get Paid with PayPal, Square & Stripe plugin are affected.

Detected in:

Online Payments – Get Paid with PayPal, Square & Stripe fixed vulnerable versions: >= * <= 3.9.1
Event Registration Calendar By vcita open vulnerable versions: >= * <= 1.3.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.