https://www.pluginvulnerabilities.com/2017/11/21/cross-site-request-forgery-csrf-cross-site-scripting-vulnerability-in-simple-events-calendar/

While looking in to what turned out be a false report of a vulnerability in the plugin Simple Events Calendar, we noticed there is a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in the plugin.

When the plugin’s admin page is requested, the function that generates that page checks if a new event has been submitted with the request using the

Share This