Description
The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-05-06
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 18 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Mf Gig Calendar Project
Mf Gig Calendar Project mf Gig Calendar
Weaknesses CWE-79
CPEs cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*
Vendors & Products Mf Gig Calendar Project
Mf Gig Calendar Project mf Gig Calendar

Thu, 21 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Mf Gig Calendar Project Mf Gig Calendar
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-11-21T17:05:56.034Z

Reserved: 2024-04-12T21:50:42.624Z

Link: CVE-2024-3755

cve-icon Vulnrichment

Updated: 2024-08-01T20:20:01.098Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-06T06:15:07.140

Modified: 2025-04-18T12:55:12.317

Link: CVE-2024-3755

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses