PT-2021-16227 · Motopress · Timetable/Event Schedule
Martin Vierula · Published 2021-09-13 · Updated 2021-09-23
CVE-2021-24724
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The Timetable and Event Schedule by MotoPress WordPress plugin versions prior to 2.3.19
Description
The issue allows low-privilege users, such as authors, to perform XSS attacks against frontend and backend users who view the related events. It is caused by the plugin not sanitizing some of its parameters before they are stored and rendered.
Recommendations
For versions prior to 2.3.19, update to version 2.3.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for low-privilege users until the update is applied.
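The advisory only says that some parameters are not sanitized, so the following is an added, generic illustration of the defect class and its fix in a WordPress plugin; it is not the plugin's own code, and the meta key `event_note` and the `tt_example_*` function names are hypothetical. The WordPress helpers it calls (`current_user_can`, `wp_unslash`, `wp_kses_post`, `esc_attr`, `wp_strip_all_tags`, `get_post_meta`, `update_post_meta`) are real core functions.

```php
<?php
// Added illustration, not the plugin's code. Shows an author-supplied event field
// (hypothetical meta key "event_note") echoed unsafely, then the hardened form.

// Vulnerable pattern: stored input is written into an attribute and the HTML body
// without any escaping, so whatever an author saved is rendered as markup.
function tt_example_vulnerable_render( $post_id ) {
    $note = get_post_meta( $post_id, 'event_note', true ); // may contain author-supplied HTML
    return '<div class="event-note" title="' . $note . '">' . $note . '</div>';
}

// Hardened pattern, step 1: check capability and sanitize on save.
function tt_example_save_note( $post_id, $raw_note ) {
    // Only users allowed to edit this specific post may change its note.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return false;
    }
    // wp_unslash() removes the slashes WordPress adds to request data;
    // wp_kses_post() keeps only the HTML allowed in post content (no <script>,
    // no on* event handlers, no javascript: URLs).
    $clean = wp_kses_post( wp_unslash( $raw_note ) );
    update_post_meta( $post_id, 'event_note', $clean );
    return true;
}

// Hardened pattern, step 2: escape on output, using the helper that matches
// each output context (attribute value vs. HTML body).
function tt_example_hardened_render( $post_id ) {
    $note = get_post_meta( $post_id, 'event_note', true );
    return '<div class="event-note" title="' . esc_attr( wp_strip_all_tags( $note ) ) . '">'
        . wp_kses_post( $note )
        . '</div>';
}
```

Sanitizing on save is not a substitute for escaping on output: meta values can be written by other code paths, so the render function escapes again. For fields that should never carry markup, `sanitize_text_field()` on save and `esc_html()` on output are the stricter choice.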
Affected Products
Timetable/Event Schedule