[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin



------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
------------------------------------------------------------------------
Job Diesveld, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability has been found in the Events Made
Easy WordPress plugin. By using this issue an attacker can create a
specially crafted event which, when posted to WordPress, injects
malicious JavaScript code into the application. This code will execute
within the browser of any user who views the relevant application
content.

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160729-0001

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
This issue has been fixed in Events Made Easy plugin version 1.6.21.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_events_made_easy_wordpress_plugin.html

------------------------------------------------------------------------
Summer of Pwnage (https://sumofpwn.nl) is a Dutch community project. Its
goal is to contribute to the security of popular, widely used OSS
projects in a fun and educational way.