Medium severity4.8NVD Advisory· Published Sep 20, 2021· Updated Jun 17, 2026
CVE-2021-24604
CVE-2021-24604
Description
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.2.2
- Range: 1.2.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9cnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.