Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.Referenceshttp://spiffycalendar.sunnythemes.com/version-3-3-0/https://wpvulndb.com/vulnerabilities/8842http://www.securityfocus.com/bid/98931
