Plugin vulnerability!

  • gopa4

    (@gopa4)


    12 months ago

    I received this warning from Plesk (WP toolkit scan) today:

    WordPress Google Calendar Events plugin <= 3.2.6 – Cross Site Scripting (XSS) vulnerability

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Support john

    (@johnweru)

    Hi there,

    Thanks for reaching out to us.

    With respect the issue here, we have actually taken note of this issue and notified the development team about it.

    Kindly bear with us as this is looked into.

    Regards

    pereriu

    (@pereriu)

    How serious is this problem? SolidWP (former ithemes security) also warns of this.

    • This reply was modified 12 months ago by pereriu.
    daniel.vos

    (@danielvos)

    Medium severity. Score 6.5 out of 10.

    https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability

    Please expedite a fix!

    Plugin Support john

    (@johnweru)

    Hi there,

    In regards to this issue, I have reached out to the Patchstack team about this issue and awaiting details on it. We will fix this as soon as we have the details to it.

    Kindly bear with us in the menatime.

    Regards

    Hello John,

    I see your team is already on the case addressing the problem so I’m posting this for completeness of information. I use Defender Pro and it has advised me Simple Calendar is vulnerable thus:

    WordPress Google Calendar Events plugin <= 3.2.6 – Cross Site Scripting (XSS) vulnerability

    -Vulnerability type: Cross Site Scripting (XSS)
    -No Update Available

    Many thanks

    Tim

    Plugin Support john

    (@johnweru)

    Hi Tim,

    Thanks for writing in.

    In regards to this issue, it is just the same issue as highlighted above. Our development team will be looking into this matter.

    Kindly bear with us in the meantime.

    Regards

    Any update on when we can expect a fix?

    dj

    Plugin Support john

    (@johnweru)

    Hi there,

    Thanks for keeping in touch with us.

    In this case, unfortunately at this point in time I may not be in a position to provide an exact ETA as to when we will have a ready update. We have just received an update on the details to the error from PatchStack. We are reviewing our code as it currently stands to resolve the issue.

    Kindly bear with us in the meantime.

    Regards,

    John

    • This reply was modified 11 months, 3 weeks ago by john.
    Thread Starter gopa4

    (@gopa4)

    No fix after 2 weeks?

    Plugin Support john

    (@johnweru)

    Hi there,

    Thanks for following up on this.

    In this case, our development team are still working on this issue.

    We will keep you posted as soon as we have a release ready, within this thread.

    Kindly bear with us in the meantime.

    Regards

    Plugin Support john

    (@johnweru)

    Hi,

    I hope you are well.

    In regards to this issue, we have gone ahead and fixed this in our Simple Calendar version 3.2.7. Pease ensure that you update to this version.

    I hope this helps.

    Kind Regards

    Thread Starter gopa4

    (@gopa4)

    WordPress Google Calendar Events Plugin <= 3.2.7?is vulnerable to Cross Site Scripting (XSS)

    Plugin Support john

    (@johnweru)

    Hi there,

    Thanks for keeping in touch with us.

    In this case, this is fixed in version 3.2.8. Please update to this version.

    Kind Regards

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Plugin vulnerability!’ is closed to new replies.