cvedb.io
CVE-2022-0212
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2022-02-14T12:15:16.550 · Last modified 2026-06-17T04:20:09.700

Summary

The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.

Affected products

10web — spidercalendar

Does this affect you?

Add your gear to cvedb and we'll alert you only when 10web ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.