CVE-2024-7982 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-7982 PUBLISHED CVSS 9.600000381469727 CRITICAL

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

EPSS 1.37% · 80.1th percentile

Risk Scores

CVSS v3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

1.37%

80.1th percentile

Affected Products

Vendor	Product	Versions
roundupwp	registrations_for_the_events_calendar	0
roundupwp	registrations_for_the_events_calendar	0
Unknown	Registrations for the Events Calendar	0

Timeline

Nov 8, 2024 Coalition ESS Score
Nov 8, 2024 Coalition ESS Score
Nov 8, 2024 CVE Published
Nov 8, 2024 CVE Updated
Nov 9, 2024 EPSS Score
Nov 26, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 18, 2025 EPSS Score
Feb 4, 2025 EPSS Score
Feb 21, 2025 EPSS Score
Mar 11, 2025 EPSS Score
Mar 23, 2025 EPSS Score

References

Open in Interactive Console →