lbell / pretty-google-calendar

Simple WordPress plugin to embed Google Calendars in a way that doesn't suck.
11 stars, 7 forks

Potential XSS Vulnerability (exploitable by logged-in user) #49

Closed lbell closed 4 months ago

lbell commented 4 months ago

Likely missing a sanitize check on one of the recently introduced shortcode arguments.

The potential vulnerability is only exploitable by logged-in users who publish a post with the shortcode that has malicious code in its arguments.

According to Patchstack: This security issue has a low severity impact and is unlikely to be exploited.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pretty-google-calendar/pretty-google-calendar-172-authenticated-contributor-stored-cross-site-scripting

https://patchstack.com/database/vulnerability/pretty-google-calendar/wordpress-pretty-google-calendar-plugin-1-7-2-cross-site-scripting-xss-vulnerability
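As an added illustration of the bug class described in this issue (not the plugin's own code), the snippet below shows a shortcode handler that interpolates its attributes straight into markup and inline script, beside a hardened version that sanitizes on input and escapes for each output context. The shortcode name `pgc_example` and the attribute names are assumed placeholders; the issue does not say which new argument lacked the sanitize check.

```php
<?php
// Added example, not code from the pretty-google-calendar plugin. The
// shortcode name and attributes (gcal, locale, theme) are hypothetical.

// Vulnerable pattern: attribute values reach the page unsanitized and
// unescaped. Anyone allowed to publish a post containing the shortcode
// controls these values, which is why this is a stored XSS for
// authenticated contributors.
function pgc_example_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'gcal' => '', 'locale' => 'en', 'theme' => 'light' ),
        $atts,
        'pgc_example'
    );
    return '<div class="pgc" data-theme="' . $atts['theme'] . '">'
         . '<script>pgcInit("' . $atts['gcal'] . '", "' . $atts['locale'] . '");</script>'
         . '</div>';
}

// Hardened pattern: constrain each value to what it legitimately needs on
// input, then escape for the exact context (HTML attribute vs. JS literal).
function pgc_example_shortcode_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'gcal' => '', 'locale' => 'en', 'theme' => 'light' ),
        $atts,
        'pgc_example'
    );

    // Calendar ids look like email addresses, locales like BCP 47 tags,
    // and theme is an enum: reject anything outside those shapes.
    $gcal   = preg_replace( '/[^A-Za-z0-9@._%+\-]/', '', sanitize_text_field( $atts['gcal'] ) );
    $locale = preg_replace( '/[^A-Za-z\-]/', '', sanitize_text_field( $atts['locale'] ) );
    $theme  = in_array( $atts['theme'], array( 'light', 'dark' ), true ) ? $atts['theme'] : 'light';

    // esc_attr() for the HTML attribute; wp_json_encode() with the HEX flags
    // for values placed inside an inline script, so quotes, <, >, & and '
    // are hex-escaped and the string cannot terminate the script block.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $html  = '<div class="pgc" data-theme="' . esc_attr( $theme ) . '">';
    $html .= '<script>pgcInit(' . wp_json_encode( $gcal, $js_flags )
           . ', ' . wp_json_encode( $locale, $js_flags ) . ');</script>';
    $html .= '</div>';
    return $html;
}
add_shortcode( 'pgc_example', 'pgc_example_shortcode_safe' );
```

The same allow-list check belongs on every attribute a shortcode accepts, since `shortcode_atts()` only fills defaults and does no validation of its own.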