Plugin Support
john
(@johnweru)
Hi there,
Thanks for reaching out to us.
With respect the issue here, we have actually taken note of this issue and notified the development team about it.
Kindly bear with us as this is looked into.
Regards
How serious is this problem? SolidWP (former ithemes security) also warns of this.
-
This reply was modified 1 year, 12 months ago by
pereriu.
Plugin Support
john
(@johnweru)
Hi there,
In regards to this issue, I have reached out to the Patchstack team about this issue and awaiting details on it. We will fix this as soon as we have the details to it.
Kindly bear with us in the menatime.
Regards
Hello John,
I see your team is already on the case addressing the problem so I’m posting this for completeness of information. I use Defender Pro and it has advised me Simple Calendar is vulnerable thus:
WordPress Google Calendar Events plugin <= 3.2.6 – Cross Site Scripting (XSS) vulnerability
-Vulnerability type: Cross Site Scripting (XSS)
-No Update Available
Many thanks
Tim
Plugin Support
john
(@johnweru)
Hi Tim,
Thanks for writing in.
In regards to this issue, it is just the same issue as highlighted above. Our development team will be looking into this matter.
Kindly bear with us in the meantime.
Regards
Any update on when we can expect a fix?
dj
Plugin Support
john
(@johnweru)
Hi there,
Thanks for keeping in touch with us.
In this case, unfortunately at this point in time I may not be in a position to provide an exact ETA as to when we will have a ready update. We have just received an update on the details to the error from PatchStack. We are reviewing our code as it currently stands to resolve the issue.
Kindly bear with us in the meantime.
Regards,
John
-
This reply was modified 1 year, 11 months ago by
john.
Plugin Support
john
(@johnweru)
Hi there,
Thanks for following up on this.
In this case, our development team are still working on this issue.
We will keep you posted as soon as we have a release ready, within this thread.
Kindly bear with us in the meantime.
Regards
Plugin Support
john
(@johnweru)
Hi,
I hope you are well.
In regards to this issue, we have gone ahead and fixed this in our Simple Calendar version 3.2.7. Pease ensure that you update to this version.
I hope this helps.
Kind Regards
Thread Starter
gopa4
(@gopa4)
WordPress Google Calendar Events Plugin <= 3.2.7 is vulnerable to Cross Site Scripting (XSS)
Plugin Support
john
(@johnweru)
Hi there,
Thanks for keeping in touch with us.
In this case, this is fixed in version 3.2.8. Please update to this version.
Kind Regards
