Description
WordPress Plugin My Calendar is prone to multiple vulnerabilities, including cross-site scripting and arbitrary file override vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials or to override arbitrary files the webserver user has access to. WordPress Plugin My Calendar version 2.3.29 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.3.30 or latest
References
Related Vulnerabilities
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10679)
WordPress Plugin Modula Image Gallery Cross-Site Scripting (1.3.5)
WordPress Plugin HD Webplayer Multiple SQL Injection Vulnerabilities (1.1)
Apache Tomcat Other Vulnerability (CVE-2011-1183)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3325)