WordPress All-in-One Event Calendar Plugin Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

All-in-One Event Calendar plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. All-in-One Event Calendar 1.4 is vulnerable other prior versions may also be affected.

References

http://theseednetwork.com/services/websites-and-software/software/all-in-one-event-calendar-wordpress/
http://www.securityfocus.com/archive/1/522292
http://www.securityfocus.com/bid/52986
http://www.wordpress.org/
https://www.htbridge.com/advisory/HTB23082

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1835
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Solr Directory Traversal Vulnerability Jan-14
Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Apache Subversion Module Metadata Accessible
An Image Gallery Directory Traversal Vulnerability

Take action and discover your vulnerabilities