### [CVE-2018-18872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18872)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.

### POC

#### Reference
- https://wpvulndb.com/vulnerabilities/9141
- https://wpvulndb.com/vulnerabilities/9141

#### Github
No PoCs found on GitHub currently.