CVE-2021-24232
CVE-2021-24232 affects the WordPress plugin Advanced Booking Calendar prior to 1.6.8. The root cause is failure to sanitize the license error message output on the settings page, enabling an authenticated reflected XSS. The vulnerability affects the plugin’s settings handling and can be triggered...