Vulnerabilities > Google Calendar Events Project > Google Calendar Events > 2.0.3.1

DATE	CVE	VULNERABILITY TITLE	RISK
2014-10-16	CVE-2014-7138	Cross-Site Scripting vulnerability in Google Calendar Events Project Google Calendar Events 2.0.3.1 Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php. network google-calendar-events-project CWE-79	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.