Description
WordPress Plugin The Events Calendar is prone to an open redirect vulnerability because the application fails to properly verify user-supplied input. Exploiting this issue may allow attackers to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress Plugin The Events Calendar version 4.1.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.1.1.1 or latest
References
Related Vulnerabilities
WordPress Plugin Slimstat Analytics Security Bypass (5.0.5.1)
WordPress Plugin WP Banners Lite Cross-Site Scripting (1.40)
WordPress Plugin Super Interactive Maps for WordPress SQL Injection (2.1)
WordPress Plugin GDPR Cookie Consent Security Bypass (1.8.2)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0791)