CVE-2024-7982
Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.6EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 nov 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Unknown · Registrations for the Events Calendar