CVE-2021-24341

Name of the Vulnerable Software and Affected Versions Xllentech English Islamic Calendar WordPress plugin versions prior to 2.6.8

Description The issue arises when deleting a date in the plugin, where the year number and month number POST parameters are not properly sanitized, escaped, or validated before being used in a SQL statement, leading to SQL injection.

Recommendations For versions prior to 2.6.8, update to version 2.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the date deletion functionality until the update is applied.