First published: Mon Feb 14 2022
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Spidercalendar | <=1.5.65 | |
CVE-2022-0212 is a Reflected Cross-Site Scripting vulnerability in the SpiderCalendar WordPress plugin through version 1.5.65.
CVE-2022-0212 has a severity level of medium with a CVSS score of 6.1.
The SpiderCalendar WordPress plugin through version 1.5.65 is affected by CVE-2022-0212.
To fix CVE-2022-0212, update the SpiderCalendar plugin to a version beyond 1.5.65 as soon as a patch becomes available.
CVE-2022-0212 is classified as Reflected Cross-Site Scripting (XSS).
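Because the description above says the `callback` parameter of the `window` AJAX action is reflected without escaping, a log check can flag requests where that parameter is anything other than a plain JavaScript identifier. The following is an added example, not code from the plugin or from this advisory; it assumes combined-format access logs, the standard WordPress endpoint `/wp-admin/admin-ajax.php`, and that the action is selected with `action=window`. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A JSONP-style callback should be a dotted JavaScript identifier and nothing else.
SAFE_CALLBACK = re.compile(r"[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_callback(log_line):
    """Return the decoded callback value when the line is a request to the
    'window' AJAX action (assumed: action=window) whose callback is not a
    plain identifier; otherwise return None. Only the query string is
    inspected, since POST bodies are not present in access logs."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query)  # percent-decodes values
    if "window" not in params.get("action", []):
        return None
    for value in params.get("callback", []):
        if not SAFE_CALLBACK.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, callback_value) for every flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        value = suspicious_callback(line)
        if value is not None:
            hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Feb/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=window&callback=jQuery1234_cb HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Feb/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=window&callback=%3Cx%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [14/Feb/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&callback=%3Cx%3E HTTP/1.1" 200 40',
    '198.51.100.4 - - [14/Feb/2022:10:01:00 +0000] "GET /index.php?callback=%3Cx%3E HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious callback {value!r}")
```

The same identifier pattern can serve as a WAF or reverse-proxy allowlist for the `callback` parameter until a fixed plugin version is installed.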