CVE-2021-24510

Published: Sep 13, 2021Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue

Affected (1)

Products: Mf Gig Calendar Project: Mf Gig Calendar

Mf Gig Calendar Project

1 product

Mf Gig Calendar

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mf Gig Calendar Project Mf Gig Calendar	Up to 1.1

References (2)

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.