Cp Multi View Event Calendar
Monthly
A Stored Cross-Site Scripting (XSS) vulnerability exists in the CodePeople CP Multi View Event Calendar WordPress plugin through version 1.4.35, allowing authenticated or unauthenticated attackers to inject malicious JavaScript that persists in the database and executes in the browsers of site visitors. This CWE-79 vulnerability enables attackers to steal session cookies, redirect users to malicious sites, or perform actions on behalf of administrators. While no CVSS score or EPSS data are currently published and the vulnerability has not been designated as actively exploited in CISA's KEV catalog, the nature of stored XSS combined with the plugin's event calendar functionality-which typically accepts user input for event creation and editing-indicates a credible attack surface.
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the CodePeople CP Multi View Event Calendar WordPress plugin through version 1.4.35, allowing authenticated or unauthenticated attackers to inject malicious JavaScript that persists in the database and executes in the browsers of site visitors. This CWE-79 vulnerability enables attackers to steal session cookies, redirect users to malicious sites, or perform actions on behalf of administrators. While no CVSS score or EPSS data are currently published and the vulnerability has not been designated as actively exploited in CISA's KEV catalog, the nature of stored XSS combined with the plugin's event calendar functionality-which typically accepts user input for event creation and editing-indicates a credible attack surface.
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.