Vulnerabilities > Presstigers > Simple Event Planner

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-25611 Cross-site Scripting vulnerability in Presstigers Simple Event Planner 1.5.4
Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][].
network
low complexity
presstigers CWE-79
5.4
5.4
2022-03-25 CVE-2022-25612 Cross-site Scripting vulnerability in Presstigers Simple Event Planner 1.5.4
Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact].
network
low complexity
presstigers CWE-79
5.4
5.4