Medium severity5.4NVD Advisory· Published Apr 12, 2021· Updated Jun 17, 2026
CVE-2021-24225
CVE-2021-24225
Description
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Advanced Booking Calendardescription
- Range: <1.6.7
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2503971/nvdPatchThird Party Advisory
- wpscan.com/vulnerability/25ca8af5-ab48-4e6d-b2ef-fc291742f1d5nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.