Pretty Google Calendar is vulnerable to Cross-Site Scripting (XSS) attacks. Wordfence cybersecurity experts: The flaw affects versions 1.5.1 to 1.6.0. Update the plugin now!
The Pretty Google Calendar WordPress plugin is vulnerable to Stored Cross-Site Scripting (XSS) attacks in versions 1.5.1 to 1.6.0, according to the cybersecurity experts at Wordfence. The cause is insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts into pages, where they execute whenever a user accesses an injected page. The flaw, considered medium severity, has been remedied in plugin versions 1.6.0 and higher. A timely update of Pretty Google Calendar is recommended.
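
The bug class described above, as an added illustration that is not the plugin's own code: a handler that writes attribute values into markup unescaped, next to one that validates and escapes them. It assumes the user-supplied attributes are shortcode attributes; the shortcode name `demo_calendar`, its `view` and `locale` attributes and both function names are hypothetical.

```php
<?php
// Added illustration; NOT the Pretty Google Calendar source. The shortcode
// name, attribute names and function names are hypothetical.

// Outside WordPress, define rough stand-ins so the file runs under the PHP CLI.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('shortcode_atts')) {
    function shortcode_atts($pairs, $atts) {
        // Keep only known keys and fill in defaults, as WordPress does.
        return array_merge($pairs, array_intersect_key((array) $atts, $pairs));
    }
}

// Vulnerable pattern: attribute values are concatenated into markup as-is.
function demo_calendar_unsafe($atts) {
    $a = shortcode_atts(array('view' => 'month', 'locale' => 'en'), $atts);
    return '<div class="demo-cal" data-view="' . $a['view']
         . '" data-locale="' . $a['locale'] . '"></div>';
}

// Hardened pattern: validate on input, escape for the attribute context on output.
function demo_calendar_safe($atts) {
    $a = shortcode_atts(array('view' => 'month', 'locale' => 'en'), $atts);
    // Closed set of values: allow-list, fall back to the default.
    $views = array('month', 'week', 'list');
    $view  = in_array($a['view'], $views, true) ? $a['view'] : 'month';
    // Free-form value: constrain to the expected shape.
    $ok     = preg_match('/\A[a-z]{2}(-[A-Za-z]{2})?\z/', $a['locale']);
    $locale = $ok ? $a['locale'] : 'en';
    return '<div class="demo-cal" data-view="' . esc_attr($view)
         . '" data-locale="' . esc_attr($locale) . '"></div>';
}

if (function_exists('add_shortcode')) {
    add_shortcode('demo_calendar', 'demo_calendar_safe');
} else {
    // Constructed input: a value that closes the attribute and adds a handler.
    $atts = array('view' => 'week', 'locale' => 'en" onmouseover="alert(1)');
    echo demo_calendar_unsafe($atts), PHP_EOL;
    echo demo_calendar_safe($atts), PHP_EOL;
}
```

Run from the command line, the first line of output shows the constructed value breaking out of `data-locale`, while the second shows it replaced by the default. Escaping at output matters even with validation in place, because it still holds if the validation rules are later loosened.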