CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-25083

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile12.71th
Published2022年1月24日
Last Modified2024年11月21日

Vulnerability Description

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting

Affected Platforms (CPE)

📦
Roundupwp

Registrations For The Events Calendar

<= 2.7.10

References & Advisories

🔗 https://plugins.trac.wordpress.org/changeset/2648377
🔗 https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc
🔗 https://plugins.trac.wordpress.org/changeset/2648377
🔗 https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc

関連する脆弱性情報

CVE-2021-249439.8

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send...

CVE-2021-248766.1

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back ...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.