• Resolved davidjohnson26

    (@davidjohnson26)


    My site is using the events calendar plugin and recently had a security scan. The scan noted 2 issues, Directory Traversal & XML Injection vulnerabilities. Please note that there has been no customization to the events calendar on our site. Also, I update WP Core and the plugins monthly. This is a very normal instance of the events calendar plugin.

    Directory Traversal:

    It noted that the following path was affected.

    • /events/ with parameter tribe-events-views[tribe-bar-search]

    I checked Events Calendar documentation and could not find any issues pertaining to security, nor remediations for this. As of writing, the plugins are up to date and are always updated each month.

    XML Injection

    It noted that the following paths were affected:

    • /events/ical
    • /events/category/national/list/ical

    Again, no documentation or remediations around XML Injection concerns with events calendar.

    Perhaps these are false positives? Or perhaps there is a solution out there I haven’t found?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support tristan083

    (@tristan083)

    Hi @davidjohnson26,

    Thank you for reaching out and bringing this to our attention.

    For us to assist you better, please open a Support Ticket on our Help Desk.

    One of my colleagues will be with you shortly. We look forward to helping you out with this one. 

    Hang in there.

  • Plugin Support Darian

    (@d0153)

    Hi there,

    It appears that there hasn’t been any recent activity on this thread, so we’ll close this for now. However, if you have any additional questions or concerns, feel free to start a new thread.

The topic ‘Directory Traversal & XML Injection security Issues’ is closed to new replies.