CVE-2022-2844

Name of the Vulnerable Software and Affected Versions MotoPress Timetable and Event Schedule versions up to 1.4.06

Description A vulnerability has been found in the Calendar Handler component of MotoPress Timetable and Event Schedule. The issue affects an unknown part of the file "/wp/?cpmvc id=1&cpmvc do action=mvparse&f=datafeed&calid=1&month index=1&method=adddetails&id=2". The manipulation of the Subject, Location, or Description arguments leads to cross-site scripting. It is possible to initiate the attack remotely.

Recommendations For MotoPress Timetable and Event Schedule versions up to 1.4.06, consider disabling the Calendar Handler component or restricting access to the affected file until a patch is available. As a temporary workaround, avoid using the Subject, Location, or Description arguments in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.