CVE-2024-13891

Name of the Vulnerable Software and Affected Versions Schedule WordPress plugin version 1.0.0

Description The issue concerns a Reflected Cross-Site Scripting vulnerability. It occurs because the Schedule WordPress plugin does not properly sanitise and escape a parameter before outputting it back in the page. This could be used against high privilege users, such as the admin.

Recommendations For version 1.0.0, consider disabling the vulnerable functionality until a patch is available. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.