VDB
CVE-2024-7982
CVE-2024-7982
PUBLISHED
CVSS 9.600000381469727 CRITICAL
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
EPSS 1.85% · 83.4th percentile
Risk Scores
CVSS 3.1
9.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
1.85%
83.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| roundupwp | registrations_for_the_events_calendar | 0 |
| roundupwp | registrations_for_the_events_calendar | 0 |
| Unknown | Registrations for the Events Calendar | 0 |
Timeline
- Nov 8, 2024 Coalition ESS Score
- Nov 8, 2024 Coalition ESS Score
- Nov 8, 2024 CVE Published
- Nov 8, 2024 CVE Updated
- Nov 9, 2024 EPSS Score
- Nov 27, 2024 EPSS Score
- Dec 16, 2024 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
- Feb 25, 2025 EPSS Score
- Mar 15, 2025 EPSS Score
- Mar 23, 2025 EPSS Score