VDB

CVE-2024-7982

CVE-2024-7982 PUBLISHED CVSS 9.600000381469727 CRITICAL

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

EPSS 1.85% · 83.4th percentile

Risk Scores

CVSS 3.1
9.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
1.85%
83.4th percentile

Affected Products

VendorProductVersions
roundupwpregistrations_for_the_events_calendar0
roundupwpregistrations_for_the_events_calendar0
UnknownRegistrations for the Events Calendar0

Timeline

  • Nov 8, 2024 Coalition ESS Score
  • Nov 8, 2024 Coalition ESS Score
  • Nov 8, 2024 CVE Published
  • Nov 8, 2024 CVE Updated
  • Nov 9, 2024 EPSS Score
  • Nov 27, 2024 EPSS Score
  • Dec 16, 2024 EPSS Score
  • Jan 20, 2025 EPSS Score
  • Feb 7, 2025 EPSS Score
  • Feb 25, 2025 EPSS Score
  • Mar 15, 2025 EPSS Score
  • Mar 23, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›