Key Vulnerability Information

Vulnerability Overview
Name: My Calendar < 3.4.24 - Authenticated Stored XSS
Description: The plugin does not sanitise and escape some parameters, which could allow low-privileged users (such as subscribers) to perform cross-site scripting attacks, depending on the permissions set by the administrator.

Vulnerability Details

Affected Plugin
Plugin name: my-calendar
Fixed in version: 3.4.24

References
CVE ID: CVE-2024-1274

Classification
Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE ID: CWE-79
CVSS score: 4.3 (Medium)

Other Information
Submitter: cyc707
Verification status: Verified
WPVDB ID: 91dba45b-9930-4bfb-a7bf-903c46864e9f

Timeline
Publicly published: 2024-03-07
Added: 2024-03-07
Last updated: 2024-03-07

Other Related Vulnerabilities
2024-09-27: EU/UK VAT Manager for WooCommerce <= 2.12.14 - Reflected Cross-Site Scripting
2025-04-24: RRSB <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-01-19: Chart.js for WordPress <= 2023.2 - Editor+ Stored Cross-Site Scripting in New Chart
2024-06-06: 12 Step Meeting List < 3.14.34 - Reflected Cross-Site Scripting
2025-09-22: Card Elements for WPBakery <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting