Search criteria
6 vulnerabilities found for Registrations for the Events Calendar – Event Registration Plugin by Unknown
CVE-2021-25083 (GCVE-0-2021-25083)
Vulnerability from nvd – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:56
VLAI?
Title
Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.10 , < 2.7.10
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.10",
"status": "affected",
"version": "2.7.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:29",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for the Events Calendar \u003c 2.7.10 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25083",
"STATE": "PUBLIC",
"TITLE": "Registrations for the Events Calendar \u003c 2.7.10 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.10",
"version_value": "2.7.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2648377",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25083",
"datePublished": "2022-01-24T08:01:29",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24943 (GCVE-0-2021-24943)
Vulnerability from nvd – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
VLAI?
Title
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.6 , < 2.7.6
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.6",
"status": "affected",
"version": "2.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:39",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for the Events Calendar \u003c 2.7.6 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24943",
"STATE": "PUBLIC",
"TITLE": "Registrations for the Events Calendar \u003c 2.7.6 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.6",
"version_value": "2.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24943",
"datePublished": "2021-12-06T15:55:39",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24876 (GCVE-0-2021-24876)
Vulnerability from nvd – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:49
VLAI?
Title
Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.5 , < 2.7.5
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.5",
"status": "affected",
"version": "2.7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:43",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for The Events Calendar \u003c 2.7.5 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24876",
"STATE": "PUBLIC",
"TITLE": "Registrations for The Events Calendar \u003c 2.7.5 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.5",
"version_value": "2.7.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24876",
"datePublished": "2021-11-29T08:25:43",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25083 (GCVE-0-2021-25083)
Vulnerability from cvelistv5 – Published: 2022-01-24 08:01 – Updated: 2024-08-03 19:56
VLAI?
Title
Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.10 , < 2.7.10
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:09.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.10",
"status": "affected",
"version": "2.7.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T08:01:29",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for the Events Calendar \u003c 2.7.10 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25083",
"STATE": "PUBLIC",
"TITLE": "Registrations for the Events Calendar \u003c 2.7.10 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.10",
"version_value": "2.7.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2648377",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2648377"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25083",
"datePublished": "2022-01-24T08:01:29",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:09.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24943 (GCVE-0-2021-24943)
Vulnerability from cvelistv5 – Published: 2021-12-06 15:55 – Updated: 2024-08-03 19:49
VLAI?
Title
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.6 , < 2.7.6
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.6",
"status": "affected",
"version": "2.7.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T15:55:39",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for the Events Calendar \u003c 2.7.6 - Unauthenticated SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24943",
"STATE": "PUBLIC",
"TITLE": "Registrations for the Events Calendar \u003c 2.7.6 - Unauthenticated SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.6",
"version_value": "2.7.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ed"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24943",
"datePublished": "2021-12-06T15:55:39",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24876 (GCVE-0-2021-24876)
Vulnerability from cvelistv5 – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:49
VLAI?
Title
Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin |
Affected:
2.7.5 , < 2.7.5
(custom)
|
Credits
JrXnm
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:49:13.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.7.5",
"status": "affected",
"version": "2.7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:43",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Registrations for The Events Calendar \u003c 2.7.5 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24876",
"STATE": "PUBLIC",
"TITLE": "Registrations for The Events Calendar \u003c 2.7.5 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Registrations for the Events Calendar \u2013 Event Registration Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.7.5",
"version_value": "2.7.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24876",
"datePublished": "2021-11-29T08:25:43",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:49:13.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}