CVE-2021-25083

🗓️ 24 Jan 2022 08:01:29Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

The Events Calendar WordPress plugin before 2.7.10 allows Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-25083	24 Jan 202212:17	–	circl
CNNVD	WordPress plugin 跨站脚本漏洞	24 Jan 202200:00	–	cnnvd
CNVD	WordPress The Registrations for the Events Calendar plugin cross-site scripting vulnerability	26 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-25083 Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting	24 Jan 202208:01	–	cvelist
EUVD	EUVD-2021-11995	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25083	24 Jan 202208:15	–	nvd
OSV	CVE-2021-25083	24 Jan 202208:15	–	osv
Patchstack	WordPress Registrations for the Events Calendar plugin <= 2.7.9 - Reflected Cross-Site Scripting (XSS) vulnerability	27 Dec 202100:00	–	patchstack
Prion	Cross site scripting	24 Jan 202208:15	–	prion
RedhatCVE	CVE-2021-25083	22 May 202519:24	–	redhatcve

NVD

Vulners

Node

roundupwp registrations_for_the_events_calendarRange≤2.7.10wordpress

[
  {
    "product": "Registrations for the Events Calendar – Event Registration Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.7.10",
        "status": "affected",
        "version": "2.7.10",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset/2648377
wpscan	www.wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc

Parameter	Position	Path	Description	CWE
qtype	query param	wp-admin/admin.php?page=registrations-for-the-events-calendar&qtype=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+p%3D	Reflected XSS via qtype parameter in the settings page output (attribute) of Registrations for The Events Calendar WordPress plugin.	CWE-79

17 Jun 2026 03:41Current

6.1Medium risk

Vulners AI Score6.1

CVSS 24.3

CVSS 3.16.1

EPSS0.00887

CWE-79