Vulnerabilities > CVE-2021-24876 - Unspecified vulnerability in Roundupwp Registrations for the Events Calendar

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

roundupwp

NVD

Published: 2021-11-29

Updated: 2024-11-21

Summary

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Vulnerable Configurations

Part	Description	Count
Application	Roundupwp Roundupwp Registrations FOR THE Events Calendar *	1

References

https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f
https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f