CVE-2022-4115

Name of the Vulnerable Software and Affected Versions Editorial Calendar WordPress plugin versions prior to 3.8.3

Description The issue allows users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. This occurs because the plugin does not sanitise and escape its settings.

Recommendations For versions prior to 3.8.3, update to version 3.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin admin panel to minimize the risk of exploitation.