CVE-2022-0364

CVE-2022-0364: Modern Events Calendar Lite < 6.4.0 - Contributor+ Stored Cross Site Scripting

Vendor Unknown

Product Modern Events Calendar Lite

Weakness CWE-79 · XSS

Published March 21, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks

Key dates

02Disclosure timeline

March 21, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0364

Related vulnerabilities

04Related CVE

CVE-2022-29610 CVE-2023-0323 Cross-site Scripting (XSS) - Stored in pimcore/pimcore CVE-2025-30527 WordPress My Bootstrap Menu plugin <= 1.2.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2024-7874 XSS in Tungsten Automation TotalAgility CVE-2025-34404 MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx