CVE-2024-7982

critical

Description

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

References

https://wpscan.com/vulnerability/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6/

Details

Source: Mitre, NVD

Published: 2024-11-08

Updated: 2024-11-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: Critical

Detections

Analytics