PT-2026-6690 · WordPress · Events Listing Widget

Athiwat Tiprasaharn

+1

·

Publicado

2026-02-06

·

Atualizado

2026-02-06

·

CVE-2026-1252

CVSS v3.1

6.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Events Listing Widget plugin for WordPress versions up to and including 1.3.4
Description The software is susceptible to Stored Cross-Site Scripting through the 'Event URL' parameter. Insufficient input sanitization and output escaping allow authenticated attackers with Author-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page.
Recommendations Update the Events Listing Widget plugin to a version newer than 1.3.4.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2026-1252

Produtos afetados

Events Listing Widget