Cross-site Scripting Vulnerability in A.H.C. Waasdorp Simple Google Calendar Outlook Events Block Widget
CVE-2025-22497

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Simple Google Calendar Outlook Events Block Widget
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-22497?

The Simple Google Calendar Outlook Events Block Widget, developed by A.H.C. Waasdorp, is susceptible to a Cross-site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This flaw can allow attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive data and user sessions. The vulnerability affects all versions of the widget up to 2.5.0, posing significant risks for users incorporating this plugin into their WordPress sites. Immediate action is recommended to safeguard against possible exploitation.

Affected Version(s)

Simple Google Calendar Outlook Events Block Widget 0 <= 2.5.0

References

https://patchstack.com/database/Wordpress/Plugin/simple-g...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Peter Thaleikis (Patchstack Alliance)

CVE-2025-22497 Data

JSON