← voltar
CVE-2021-25083

Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting

EPSS 0.9%CWE-79
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting
Produtos afetados
Unknown · Registrations for the Events Calendar – Event Registration Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://plugins.trac.wordpress.org/changeset/2648377https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc