WordPress · My Calendar · CVE-2012-6527
**Name of the Vulnerable Software and Affected Versions**
My Calendar plugin versions prior to 1.10.2
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO, potentially leading to cross-site scripting (XSS) attacks.
**Recommendations**
For My Calendar plugin versions prior to 1.10.2, update to version 1.10.2 or later to resolve the issue.