VDB
CISA-2024-7982
CISA-2024-7982
PUBLISHED
CVSS 9.6 CRITICAL
Reported by WPScan · Published November 8, 2024
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Risk Scores
CVSS 3.1
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Registrations for the Events Calendar | 0 |
| Unknown | Registrations for the Events Calendar | 0, 0 |
| roundupwp | registrations_for_the_events_calendar | 0, 0 |
Timeline
- Nov 8, 2024 CVE Published
- Nov 8, 2024 CVE Updated