VDB-212632 · ~~CVE-2022-3796~~ · ~~GCVE-100-212632~~

Events Calendar Plugin on WordPress Event post.php title/body cross site scripting 🚫 [False Positive]

Noticeinfo

⚠️ Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

Productinfo

Type

Calendar Software

Name

Events Calendar Plugin

Timelineinfo

11/01/2022 🔍
11/01/2022 +0 days 🔍
11/01/2022 +0 days 🔍
11/30/2022 +29 days 🔍

Sourcesinfo

Advisory: drive.google.com
False Positive: Yes
Disputed: 🔍

CVE: CVE-2022-3796 (🔍)
GCVE (CVE): GCVE-0-2022-3796
GCVE (VulDB): GCVE-100-212632
scip Labs: https://www.scip.ch/en/?labs.20161013

Entryinfo

Created: 11/01/2022 16:38
Updated: 11/30/2022 14:54
Changes: 11/01/2022 16:38 (42), 11/03/2022 19:42 (2), 11/03/2022 20:40 (7), 11/30/2022 14:51 (1), 11/30/2022 14:54 (1)
Complete: 🔍
Cache ID: 216::103

Submitinfo

Duplicate

Submit #XXXXX: Xxxxxx Xxx Xx Xxx Xxxxxx Xxxxxxxx (by rezaduty)

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion

We have tested this issue with The Events Calendar deactivated and the problem still occurs within WordPress core on Post and Pages. If this is, in fact, a vulnerability, it is within WordPress core itself and not The Events Calendar.

Thank you for your feedback.

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!