PT-2025-36201 · WordPress · George Sexton Wordpress Events Calendar Plugin – Connectdaily

Mika

·

Published

2025-09-05

·

Updated

2025-09-05

·

CVE-2025-58862

Report an issue
CVSS v3.1
6.5
VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

George Sexton WordPress Events Calendar Plugin – connectDaily versions through 1.5.3

Description:

The WordPress Events Calendar Plugin – connectDaily contains a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks.

Recommendations:

Update George Sexton WordPress Events Calendar Plugin – connectDaily to a version later than 1.5.3.

Fix

XSS

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-58862

Affected Products

George Sexton Wordpress Events Calendar Plugin – Connectdaily