CVE-2024-7982
Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Nov 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Unknown · Registrations for the Events Calendar