WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-102402)

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress plugin has a cross-site scripting vulnerability that stems from the fact that My Calendar does not clean up and escape the callback parameters of the mc_post_lookup AJAX operation (which is available to any authenticated available to any authenticated user) callback parameters are not cleaned up and escaped before being output back to the response, leading to a reflection cross-site scripting issue. No details of the vulnerability are currently available.