RSS   Vulnerabilities for
'Registrations for the events calendar'
   RSS

2022-01-24
 
CVE-2021-25083

CWE-79
 

 
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting

 
2021-12-06
 
CVE-2021-24943

CWE-89
 

 
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.

 
2021-11-29
 
CVE-2021-24876

CWE-79
 

 
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

 


Copyright 2024, cxsecurity.com

 

Back to Top