04 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in WordPress Event Calendar (Spider Event Calendar)

We recently discovered the WordPress Event Calendar (Spider Event Calendar) plugin had a reflected cross-site scripting (XSS) vulnerability. In version 1.5.38, and all previous versions, the file /nav_function/nav_html_func.php was echoing a POST variable without escaping it. That occurred on line 88:

[Read more]