HTTP: WordPress Modern Events Calendar Lite Plugin Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against WordPress Modern Events Calendar Lite Plugin. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Affected Products
Webnus modern_events_calendar_lite
References
CVE: CVE-2022-0364
URL: https://wpscan.com/vulnerability/0eb40cd5-838e-4b53-994d-22cf7c8a6c50
Short Name
HTTP:XSS:ME-CALENDAR-LITE-PLGIN
Severity
Warning
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-0364 Calendar Cross-Site Events Lite Modern Plugin Scripting Stored WordPress
Release Date
04/22/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3608
False Positive
Unknown
Vendors
Webnus