CVE-2021-24876

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.1890%

EPSS Percentile2.97th

PublishedNov 29, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Affected Platforms (CPE)

📦

Roundupwp

Registrations For The Events Calendar

< 2.7.5

References & Advisories

🔗 https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f

Related Vulnerabilities

CVE-2021-249439.8

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send...

CVE-2021-250836.1

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it ...

CVE-2021-021110.0

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon ...

CVE-2021-2124310.0

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, a Kubernetes REST endpoint exposes two methods that deser...