PT-2021-3991 · WordPress · Calendar Event Multi View

Iohex · Published 2021-07-02 · Updated 2024-11-11 · CVE-2021-24498

CVSS v2.0: 7.0 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Calendar Event Multi View WordPress plugin versions prior to 1.4.01

Description

The issue is related to the lack of protection of the web page structure, allowing a remote attacker to conduct cross-site scripting attacks. Specifically, the start and end GET parameters are not sanitized or escaped before being output in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue.

Recommendations

For Calendar Event Multi View WordPress plugin versions prior to 1.4.01, update to version 1.4.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the php/edit.php page until a patch is available. Avoid using the start and end GET parameters in the affected page until the issue is resolved.
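For sites that cannot patch immediately, the following added example (not part of the advisory or the plugin's code) reviews web server access logs for requests to php/edit.php whose start or end parameter carries HTML metacharacters. It assumes combined-log-format lines; the plugin directory name, addresses and log entries are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: combined-log-format lines; the request line is the quoted field.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
SCRIPT_SUFFIX = "php/edit.php"       # page named in the advisory
PARAMS = ("start", "end")            # parameters named in the advisory
MARKUP_RE = re.compile(r"[<>\"'`]")  # characters that can break out of HTML context

def suspicious_params(line):
    """Return the advisory parameters in this log line that carry markup characters."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(SCRIPT_SUFFIX):
        return []
    query = parse_qs(url.query, keep_blank_values=True)  # decodes once
    hits = []
    for name in PARAMS:
        for value in query.get(name, []):
            # Second decode catches double-encoded values such as %253C.
            if MARKUP_RE.search(value) or MARKUP_RE.search(unquote(value)):
                hits.append(name)
                break
    return hits

def scan(lines):
    """Return (line_number, params) for every line worth reviewing."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_params(line))]

# Constructed sample log lines; "example-plugin-dir" is a placeholder path.
BASE = "/wp-content/plugins/example-plugin-dir/php/edit.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [02/Jul/2021:10:00:01 +0000] "GET {BASE}?start=2021-07-01&end=2021-07-02 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [02/Jul/2021:10:02:13 +0000] "GET {BASE}?start=%22%3E%3Cb%3Ex&end=2021-07-02 HTTP/1.1" 200 530',
    f'203.0.113.9 - - [02/Jul/2021:10:02:40 +0000] "GET {BASE}?start=1&end=%253Cb%253E HTTP/1.1" 200 530',
    '198.51.100.4 - - [02/Jul/2021:10:03:05 +0000] "GET /index.php?start=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: markup characters in {', '.join(params)}")
```

A hit means the request deserves review, not that script execution occurred; the same character test can serve as a request filter in front of the page while the update to 1.4.01 is pending.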

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04512
CVE-2021-24498

Affected Products

Calendar Event Multi View