Vulnerabilities > CVE-2022-4115 - Unspecified vulnerability in Editorial Calendar Project Editorial Calendar 3.7.12

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

editorial-calendar-project

NVD

Published: 2023-06-27

Updated: 2024-11-21

Summary

The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

Vulnerable Configurations

Part	Description	Count
Application	Editorial_Calendar_Project Editorial Calendar Project Editorial Calendar 3.7.12	1

References

https://wpscan.com/vulnerability/2b5071e1-9532-4a6c-9da4-d07932474ca4
https://wpscan.com/vulnerability/2b5071e1-9532-4a6c-9da4-d07932474ca4