CVE-2023-23491

Name of the Vulnerable Software and Affected Versions Quick Event Manager WordPress Plugin version prior to 9.7.5

Description The issue is related to a reflected cross-site scripting vulnerability. It affects the category parameter of the qem ajax calendar action. This vulnerability can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack, potentially due to insufficient protection of the webpage structure.

Recommendations For versions prior to 9.7.5, update to version 9.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the qem ajax calendar action or avoiding the use of the category parameter in this action until the update is applied.