VDB

CISA-2024-7982

CISA-2024-7982 PUBLISHED CVSS 9.6 CRITICAL

Reported by WPScan · Published November 8, 2024

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

Risk Scores

CVSS 3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
UnknownRegistrations for the Events Calendar0
UnknownRegistrations for the Events Calendar0, 0
roundupwpregistrations_for_the_events_calendar0, 0

Timeline

  • Nov 8, 2024 CVE Published
  • Nov 8, 2024 CVE Updated

References

  • exploitvdb-entrytechnical-description
Open in Interactive Console →
$ Console Community · 100/wk Open console ›