Arbitrary JavaScript Injection via yr Parameter in Spiffy Calendar Plugin for WordPress

Arbitrary JavaScript Injection via yr Parameter in Spiffy Calendar Plugin for WordPress

CVE-2017-9420 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.

Learn more about our Wordpress Pen Testing.