CVE-2022-2846

Name of the Vulnerable Software and Affected Versions Calendar Event Multi View WordPress plugin versions prior to 1.4.07

Description The issue concerns a lack of authorization and CSRF checks when creating events, as well as insufficient sanitization and escaping in some event fields. This could allow unauthenticated attackers to create arbitrary events and inject Cross-Site Scripting payloads. The vulnerability can be exploited remotely, potentially leading to cross-site request forgery.

Recommendations For versions prior to 1.4.07, update to version 1.4.07 or later to resolve the issue. As a temporary workaround, consider restricting access to event creation functionality to minimize the risk of exploitation. Avoid using the plugin's event creation feature until the issue is resolved.