Arbitrary JavaScript Injection via yr Parameter in Spiffy Calendar Plugin for WordPress
CVE-2017-9420 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.
Learn more about our Wordpress Pen Testing.