Lucene search
CVE-2021-24480
Event Geek WordPress plugin v2.5.2 auth stored XS
Show more
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS) | 28 Jun 202100:00 | – | wpvulndb |
 | Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS) | 28 Jun 202100:00 | – | wpexploit |
 | CVE-2021-24480 | 2 Aug 202111:15 | – | nvd |
 | Cross site scripting | 2 Aug 202111:15 | – | prion |
 | WordPress The Event Geek plugin cross-site scripting vulnerability | 5 Aug 202100:00 | – | cnvd |
 | CVE-2021-24480 Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS) | 2 Aug 202110:32 | – | cvelist |
Node
[
{
"product": "Event Geek",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "2.5.2",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| Use your own theme (enter URL) | request body | /wp-admin/edit.php?post_type=gg_events&page=gg_event_menu | Stored Cross-Site Scripting (XSS) vulnerability due to lack of sanitization in the 'Use your own theme' setting. | CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo02 Aug 2021 11:15Current
4.8Medium risk
Vulners AI Score4.8
CVSS23.5
CVSS34.8
EPSS0.01965