Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24510

Severity
6.1 MEDIUM
EPSS
21.1%
top 4.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Sep 13
Latest update: May 24

Description

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the `id` GET parameter before outputting it back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

🔴Vulnerability Details

2
GHSA
GHSA-54p3-vvrm-gcf3: The MF Gig Calendar WordPress plugin through 1 (2022-05-24)
CVEList
MF Gig Calendar < 1.2 - Reflected Cross-Site Scripting (XSS) (2021-09-13)

💥Exploits & PoCs

1
Nuclei
WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting