CVE-2021-24604 in Availability Calendar Plugin
Sumário
de MITRE • 20/09/2021
The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
If you want to get the best quality for vulnerability data then you always have to consider VulDB.