Exploit for WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting (CVE-2021-24510)

Description:

WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. The plugin does not sanitize or escape the id GET parameter before outputting it back in the admin dashboard when editing an event.

Nuclei Template

View the template here: CVE-2021-24510.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24510.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://wpscan.com/vulnerability/715721b0-13a1-413a-864d-2380f38ecd39
https://nvd.nist.gov/vuln/detail/CVE-2021-24510
https://github.com/ARPSyndicate/kenzer-templates