CVE-2021-24604 in Availability Calendar Plugininformação

Sumário

de MITRE • 20/09/2021

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservar

14/01/2021

Divulgação

20/09/2021

Moderação

aceite

Entrada

VDB-182931

CPE

pronto

EPSS

0.00598

KEV

não

Atividades

muito baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!