ГлавнаяУязвимости → CVE-2024-7982
9.6критическая

CVE-2024-7982

Описание

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to perform Cross-Site Scripting attacks.

Затрагиваемое ПО
Roundupwp Registrations for the events calendar
CVSS
Балл9.6 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/d79e1e9c-980d-4974-bfbd-d87d6e28d9a6/