24 Oct

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Event Calendar WD

The changelog for the latest version of Event Calendar WD indicates that some sort of cross-site scripting (XSS) vulnerability had been fixed, “Fixed: XSS vulnerabilities”. Looking at the changes made in that version various data is escaped before being output, but when we went to check this out what we found that was incompletely done. As an [Read more]

30 Jun

Vulnerability Details: Reflected Cross-Site Scripting (XSS) Vulnerability in Event Calendar WD

This Vulnerability Details post about a vulnerability in the plugin Event Calendar WD provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided [Read more]