CVE-2021-34667

Name of the Vulnerable Software and Affected Versions: Calendar plugin WordPress plugin versions up to and including 1.0

Description: The issue arises from the use of $ SERVER['PHP SELF'] in the ~/calendar.php file, allowing attackers to inject arbitrary web scripts. This enables Reflected Cross-Site Scripting attacks.

Recommendations: For Calendar plugin WordPress plugin versions up to and including 1.0, update to a version that fixes this issue, as the current version allows for the injection of arbitrary web scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.