Description
WordPress Plugin All-in-One Event Calendar is prone to multiple vulnerabilities, including cross-site scripting and SQL injection, because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin All-in-One Event Calendar version 1.10-standard is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.10.1-standard or the latest version.