CyberSec.Space Logo
Back to CVE Browser

CVE-2021-25083

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile12.71th
PublishedJan 24, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting

Affected Platforms (CPE)

πŸ“¦
Roundupwp

Registrations For The Events Calendar

<= 2.7.10

References & Advisories

πŸ”— https://plugins.trac.wordpress.org/changeset/2648377
πŸ”— https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc
πŸ”— https://plugins.trac.wordpress.org/changeset/2648377
πŸ”— https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc

Related Vulnerabilities

CVE-2021-249439.8

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send...

CVE-2021-248766.1

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.