CVE-2022-2844 LOW

CVE-2022-2844: MotoPress Timetable and Event Schedule Calendar cross site scripting

Vendor Motopress
Product Timetable and Event Schedule
Weakness CWE-79 · XSS
Published August 16, 2022
Last update April 15, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.

Key dates

02Disclosure timeline

August 16, 2022 CVE published
April 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-54290 WordPress Role Includer plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-41750 Reflected XSS vulnerability in pxc_PortCfg.php CVE-2024-23885 Cross-Site Scripting (XSS) vulnerability in Cups Easy CVE-2024-33645 WordPress Easy Set Favicon plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-13383 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage