What is the severity of CVE-2022-25612?

The severity of CVE-2022-25612 is medium with a CVSSv3 score of 5.4.

Which software is affected by CVE-2022-25612?

The Simple Event Planner WordPress plugin version 1.5.4 and earlier is affected by CVE-2022-25612.

How can an attacker exploit CVE-2022-25612?

An attacker with author or higher user rights can exploit CVE-2022-25612 by injecting malicious code through vulnerable parameters such as &custom[event_organiser], &custom[organiser_email], &custom[organiser_cont].

Are there any patches or fixes available for CVE-2022-25612?

Yes, patches and fixes for CVE-2022-25612 are available. You can find them at the following references: [Patchstack](https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities) and the [WordPress Plugin Page](https://wordpress.org/plugins/simple-event-planner/#developers).

Vulnerability/
CVE-2022-25612

medium

5.4

CWE

25/3/2022

20/2/2025

CVE-2022-25612: WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Q: What is CVE-2022-25612?

CVE-2022-25612 is a vulnerability that refers to Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in the Simple Event Planner WordPress plugin <= 1.5.4.

First published: Fri Mar 25 2022(Updated: )

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
Presstigers Simple Event Planner	<=1.5.4

Remedy

Update to 1.5.5 or higher version.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-25612?
CVE-2022-25612 is a vulnerability that refers to Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in the Simple Event Planner WordPress plugin <= 1.5.4.
What is the severity of CVE-2022-25612?
The severity of CVE-2022-25612 is medium with a CVSSv3 score of 5.4.
Which software is affected by CVE-2022-25612?
The Simple Event Planner WordPress plugin version 1.5.4 and earlier is affected by CVE-2022-25612.
How can an attacker exploit CVE-2022-25612?
An attacker with author or higher user rights can exploit CVE-2022-25612 by injecting malicious code through vulnerable parameters such as &custom[event_organiser], &custom[organiser_email], &custom[organiser_cont].
Are there any patches or fixes available for CVE-2022-25612?
Yes, patches and fixes for CVE-2022-25612 are available. You can find them at the following references: [Patchstack](https://patchstack.com/database/vulnerability/simple-event-planner/wordpress-simple-event-planner-plugin-1-5-4-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities) and the [WordPress Plugin Page](https://wordpress.org/plugins/simple-event-planner/#developers).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/author
agent/remedy
agent/weakness
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/presstigers
canonical/presstigers simple event planner
version/presstigers simple event planner/1.5.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.