What the vulnerability does
01Description
Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions.
CVE-2022-45814
MEDIUM
CVE-2022-45814: WordPress WP Calendar Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
CVSS base score
5.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Key dates
02Disclosure timeline
March 17, 2023
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-11437 JhumanJ OpnForm Form Editor forms cross site scripting
CVE-2025-23366 Org.jboss.hal:hal-console: wildfly hal console cross-site scripting
CVE-2025-23824 WordPress FontAwesome.io ShortCodes plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-52472 WordPress Weather Atlas Widget plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-4415 Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058
