← back
CVE-2024-7982

Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS

CVSS 9.6 CRITICALEPSS 0.7%CWE-79
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H