exploitDog

CVE-2024-7982

Опубликовано: 08 нояб. 2024

Источник: nvd

CVSS3: 9.6

EPSS Низкий

Описание

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

Ссылки

https://wpscan.com/vulnerability/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:roundupwp:registrations_for_the_events_calendar:*:*:*:*:*:wordpress:*:*

Версия до 2.12.4 (исключая)

EPSS

Процентиль: 82%

0.01787

Низкий

9.6 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wfm8-vp3v-66hp

CVSS3: 9.6

github

около 1 года назад

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

EPSS

Процентиль: 82%

0.01787

Низкий

9.6 Critical

CVSS3

Дефекты

CWE-79