Skip to main content

Embed Calendly

2 CVEs product

Monthly

CVE-2026-32411 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Simpma Embed Calendly plugin (versions up to and including 4.4) that allows authenticated attackers to inject malicious scripts into web pages. An attacker with login privileges can craft malicious input that persists in the application and executes in the browsers of other users who view the affected content, potentially compromising session tokens, credentials, or sensitive data. While this vulnerability requires prior authentication (lowering immediate exposure), the stored nature means the payload affects multiple victims and persists across sessions.

XSS Embed Calendly
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-4995 MEDIUM This Month

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Embed Calendly
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Simpma Embed Calendly plugin (versions up to and including 4.4) that allows authenticated attackers to inject malicious scripts into web pages. An attacker with login privileges can craft malicious input that persists in the application and executes in the browsers of other users who view the affected content, potentially compromising session tokens, credentials, or sensitive data. While this vulnerability requires prior authentication (lowering immediate exposure), the stored nature means the payload affects multiple victims and persists across sessions.

XSS Embed Calendly
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Embed Calendly
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy