Title: Plugin vulnerability! Last modified: November 29, 2023 --- # Plugin vulnerability! * [gopa4](https://wordpress.org/support/users/gopa4/) * (@gopa4) * [2 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/) * I received this warning from Plesk (WP toolkit scan) today: * WordPress Google Calendar Events plugin <= 3.2.6 – Cross Site Scripting (XSS) vulnerability Viewing 13 replies - 1 through 13 (of 13 total) * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17238486) * Hi there, * Thanks for reaching out to us. * With respect the issue here, we have actually taken note of this issue and notified the development team about it. * Kindly bear with us as this is looked into. * Regards * [pereriu](https://wordpress.org/support/users/pereriu/) * (@pereriu) * [2 years, 6 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17240091) * How serious is this problem? SolidWP (former ithemes security) also warns of this. - This reply was modified 2 years, 6 months ago by [pereriu](https://wordpress.org/support/users/pereriu/). * [daniel.vos](https://wordpress.org/support/users/danielvos/) * (@danielvos) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17240594) * Medium severity. Score 6.5 out of 10. * [https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability) * Please expedite a fix! * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17241289) * Hi there, * In regards to this issue, I have reached out to the Patchstack team about this issue and awaiting details on it. We will fix this as soon as we have the details to it. * Kindly bear with us in the menatime. * Regards * [Big Impact Design](https://wordpress.org/support/users/baggi-t/) * (@baggi-t) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17250007) * Hello John, * I see your team is already on the case addressing the problem so I’m posting this for completeness of information. I use Defender Pro and it has advised me Simple Calendar is vulnerable thus: WordPress Google Calendar Events plugin < = 3.2.6 – Cross Site Scripting (XSS) vulnerability * -Vulnerability type: Cross Site Scripting (XSS) -No Update Available * Many thanks * Tim * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17250352) * Hi Tim, * Thanks for writing in. * In regards to this issue, it is just the same issue as highlighted above. Our development team will be looking into this matter. * Kindly bear with us in the meantime. * Regards * [dljordaneku](https://wordpress.org/support/users/dljordaneku/) * (@dljordaneku) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17260505) * Any update on when we can expect a fix? * dj * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17262166) * Hi there, * Thanks for keeping in touch with us. * In this case, unfortunately at this point in time I may not be in a position to provide an exact ETA as to when we will have a ready update. We have just received an update on the details to the error from PatchStack. We are reviewing our code as it currently stands to resolve the issue. * Kindly bear with us in the meantime. * Regards, * John - This reply was modified 2 years, 5 months ago by [john](https://wordpress.org/support/users/johnweru/). * Thread Starter [gopa4](https://wordpress.org/support/users/gopa4/) * (@gopa4) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17276794) * No fix after 2 weeks? * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17277388) * Hi there, * Thanks for following up on this. In this case, our development team are still working on this issue. * We will keep you posted as soon as we have a release ready, within this thread. * Kindly bear with us in the meantime. * Regards * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17279539) * Hi, * I hope you are well. * In regards to this issue, we have gone ahead and fixed this in our Simple Calendar version 3.2.7. Pease ensure that you update to this version. * I hope this helps. Kind Regards * Thread Starter [gopa4](https://wordpress.org/support/users/gopa4/) * (@gopa4) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/#post-17280289) * WordPress Google Calendar Events Plugin <= 3.2.7 is vulnerable to Cross [Site Scripting (XSS) ](https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-6-cross-site-scripting-xss-vulnerability?_a_id=110) * Plugin Support [john](https://wordpress.org/support/users/johnweru/) * (@johnweru) * [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/page/2/#post-17283426) * Hi there, * Thanks for keeping in touch with us. * In this case, this is fixed in version 3.2.8. Please update to this version. * Kind Regards Viewing 13 replies - 1 through 13 (of 13 total) The topic ‘Plugin vulnerability!’ is closed to new replies. * ![](https://ps.w.org/google-calendar-events/assets/icon-256x256.png?rev=1263960) * [Simple Calendar - Google Calendar Plugin](https://wordpress.org/plugins/google-calendar-events/) * [Frequently Asked Questions](https://wordpress.org/plugins/google-calendar-events/#faq) * [Support Threads](https://wordpress.org/support/plugin/google-calendar-events/) * [Active Topics](https://wordpress.org/support/plugin/google-calendar-events/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/google-calendar-events/unresolved/) * [Reviews](https://wordpress.org/support/plugin/google-calendar-events/reviews/) * 16 replies * 6 participants * Last reply from: [john](https://wordpress.org/support/users/johnweru/) * Last activity: [2 years, 5 months ago](https://wordpress.org/support/topic/plugin-vulnerability-24/page/2/#post-17283426) * Status: not resolved