Vulnerabilities > MY Calendar Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-29 | CVE-2021-24927 | Unspecified vulnerability in MY Calendar Project MY Calendar The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 5.4 |
| 2019-08-28 | CVE-2019-15713 | Cross-site Scripting vulnerability in MY Calendar Project MY Calendar The my-calendar plugin before 3.1.10 for WordPress has XSS. | 6.1 |