WordPress.Modern.Events.Calendar.Lite.Plugin.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in WordPress Project Modern Events Calendar Lite.
This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary script execution in the context of the victim's browser.
Affected Products
WordPress Project Modern Events Calendar Lite prior to 6.4.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://plugins.trac.wordpress.org/browser/modern-events-calendar-lite?rev=2683727
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |