ByteOS Network

Canalplan

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

1Vulnerabilities found

CVE-2025-23616

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.36% / 28.04%

7 Day CHG~0.00%

Published-03 Mar, 2025 | 13:30

Updated-28 Apr, 2026 | 16:11

WordPress Canalplan plugin <= 5.31 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Canalplan canalplan-ac allows Reflected XSS.This issue affects Canalplan: from n/a through <= 5.31.

Vendor-Steve

Product-Canalplan

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')