Cross-site Scripting Vulnerability in The Holiday Calendar Plugin by WordPress
CVE-2025-29003
6.5MEDIUM
What is CVE-2025-29003?
A Cross-site Scripting vulnerability exists in The Holiday Calendar plugin, allowing attackers to inject malicious scripts into web pages viewed by users. This vulnerability affects versions from n/a up to 1.18.2.1 and poses a risk of exposing sensitive user data or redirecting users to harmful sites. Site administrators are advised to update to the latest version to mitigate potential risks.
Affected Version(s)
The Holiday Calendar <= 1.18.2.1