My Calendar, CVE-2024-1274

CVE, Research URL: CVE-2024-1274
Home page URL: Security reports for My Calendar
Application: My Calendar
Published on: Apr 02, 2024
Research Description: The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks (depending on the permissions set by the admin)
Affected versions: max 3.4.24.
Status: vulnerable