2021-08-02 10:32:28
WPScan
PUBLISHED
The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the start and end GET parameters before outputting them in the page (via php/edit.php), leading to a reflected Cross-Site Scripting issue.