The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The EMC – Easily Embed Calendly Scheduling Features WordPress plugin, in versions up to 4.4, contains a Stored Cross-Site Scripting vulnerability in its calendly shortcode due to insufficient input sanitization. Authenticated attackers with contributor-level access can inject malicious scripts that execute when users view affected pages.
The Calendly plugin for WordPress contains a stored XSS vulnerability in the calendly shortcode, where user input is not sufficiently validated. Users with contributor-level privileges or higher can inject malicious JavaScript code that executes when the affected pages are visited.
The EMC – Easily Embed Calendly Scheduling Features WordPress plugin up to version 4.4 is vulnerable to Stored XSS attacks through the calendly shortcode due to inadequate input validation. Contributors and higher-privileged users can inject harmful scripts that run when visitors access compromised pages.
Update the EMC plugin to version 4.5 or later immediately. Review all pages and posts using the calendly shortcode for suspicious content. Implement strict user role management and limit contributor access to trusted users only. Enable WordPress security plugins with XSS detection capabilities.
Update the EMC plugin to version 4.5 or later immediately. Review all pages and posts that use the calendly shortcode for suspicious content. Apply strict user role management and restrict contributor access to trusted users only. Enable WordPress security plugins with XSS detection capabilities.
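One way to carry out the review step in the remediation above, as an added example that is not part of the advisory or the plugin's code: it scans exported post content for `[calendly ...]` shortcodes and flags attribute values that warrant a manual look. The attribute names in the sample data, the input shape (post ID mapped to `post_content`) and the heuristics are assumptions made for illustration.

```python
import html
import re

# Tag name comes from the advisory; the attribute grammar is a simplified
# version of WordPress shortcode syntax (name="v", name='v', name=v).
SHORTCODE_RE = re.compile(r"\[calendly\b([^\]]*)\]", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""")

# Assumed heuristics (not from the advisory): content a scheduling-embed
# attribute has no reason to carry. Expect some false positives.
CHECKS = [
    ("markup or quote characters", re.compile(r"""[<>"'`]""")),
    ("inline event handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("script-capable URL scheme",
     re.compile(r"^\s*(?:javascript|data|vbscript)\s*:", re.IGNORECASE)),
]

# Constructed sample rows (post ID -> post_content); attribute names are
# made up for illustration and are not taken from the plugin.
SAMPLE_POSTS = {
    101: '<p>Book a call</p>[calendly url="https://calendly.com/constructed/30min" type="1"]',
    102: """[calendly url="https://calendly.com/constructed" text='x" onmouseover="PLACEHOLDER']""",
    103: '[calendly text="Book &lt;b&gt;now&lt;/b&gt;"]',
}


def scan_content(post_id, content):
    """Return (post_id, attribute, value, reason) for each suspicious attribute."""
    findings = []
    for tag in SHORTCODE_RE.finditer(content):
        for m in ATTR_RE.finditer(tag.group(1)):
            raw = next(g for g in m.groups()[1:] if g is not None)
            # Decode HTML entities first: stored content may hold &quot; or &lt;.
            value = html.unescape(raw)
            for reason, pattern in CHECKS:
                if pattern.search(value):
                    findings.append((post_id, m.group(1), value, reason))
                    break  # one finding per attribute is enough for triage
    return findings


def scan_posts(posts):
    """Scan a {post_id: post_content} mapping and return all findings."""
    return [f for pid in sorted(posts) for f in scan_content(pid, posts[pid])]


if __name__ == "__main__":
    for finding in scan_posts(SAMPLE_POSTS):
        print(finding)
```

Flagged posts still need a human to read the stored content and check who last edited it; a clean scan does not replace updating the plugin.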