WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-102799)

WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress Plugins is a WordPress open source application plugin. WordPress Plugins Modern Events Calendar Lite suffers from a cross-site scripting vulnerability that originated in the pre-6.1.5 Modern Events Calendar Lite WordPress plugin failed to process and escape the current month separator parameter of its mec list before outputting back a response, loading more AJAX calls (available to both unauthenticated and authenticated users), which led to a cross-site scripting issue. An attacker could exploit this vulnerability to execute client-side code.