Unrated severityNVD Advisory· Published Nov 29, 2021· Updated Aug 3, 2024
My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting
CVE-2021-24927
Description
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/My Calendardescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/86f3acc7-8902-4215-bd75-6105d601524emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.