CVE-2022-25611

Name of the Vulnerable Software and Affected Versions Simple Event Planner plugin versions <= 1.5.4

Description The issue is related to Authenticated Stored Cross-Site Scripting (XSS) that allows attackers with contributor or higher user roles to inject malicious scripts. This is achieved by using the vulnerable parameter custom[add seg][].

Recommendations For Simple Event Planner plugin versions <= 1.5.4, update to a version higher than 1.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the custom[add seg][] parameter to minimize the risk of exploitation.