Embed Calendly
Monthly
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Simpma Embed Calendly plugin (versions up to and including 4.4) that allows authenticated attackers to inject malicious scripts into web pages. An attacker with login privileges can craft malicious input that persists in the application and executes in the browsers of other users who view the affected content, potentially compromising session tokens, credentials, or sensitive data. While this vulnerability requires prior authentication (lowering immediate exposure), the stored nature means the payload affects multiple victims and persists across sessions.
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Simpma Embed Calendly plugin (versions up to and including 4.4) that allows authenticated attackers to inject malicious scripts into web pages. An attacker with login privileges can craft malicious input that persists in the application and executes in the browsers of other users who view the affected content, potentially compromising session tokens, credentials, or sensitive data. While this vulnerability requires prior authentication (lowering immediate exposure), the stored nature means the payload affects multiple victims and persists across sessions.
The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.