Cross-Site Scripting Vulnerability in My Calendar Plugin for WordPress
CVE-2012-6527

Currently unrated

Key Information:

Vendor: Wordpress
Status: My-calendar; WordPress
Vendor: CVE Published:; 31 January 2013

What is CVE-2012-6527?

The My Calendar plugin prior to version 1.10.2 for WordPress is susceptible to a cross-site scripting (XSS) flaw which enables remote attackers to inject arbitrary web scripts or HTML through the PATH_INFO variable. This exploitation can lead to unauthorized actions performed on behalf of authenticated users, potentially compromising sensitive information and user accounts. Website owners are advised to update their plugins promptly to mitigate these security risks.

References

http://wordpress.org/extend/plugins/my-calendar/changelog/

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/72454

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/51539

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2013
Vulnerability Reserved
Jan 30, 2013

CVE-2012-6527 Data

JSON

Wordpress

What is CVE-2012-6527?

References

Timeline