3 matches found
CVE-2024-1274
The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin...
CVE-2024-1274
The My Calendar WordPress plugin before 3.4.24 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks depending on the permissions set by the admin...
CVE-2024-1274
The CVE-2024-1274 issue affects the My Calendar WordPress plugin prior to version 3.4.24. The vulnerability arises because the plugin does not sanitize or escape certain parameters, enabling Cross-Site Scripting (XSS) by users with a low-privilege role (Subscriber) depending on admin permissions....