Lucene search

CVE-2024-3628

🗓️ 07 May 2024 06:08:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 5294 Views🌐 WEB

EasyEvent WordPress plugin allows high privilege Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 7
Vulnrichment	CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS	7 May 202406:00	–	vulnrichment
Patchstack	WordPress EasyEvent Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)	7 May 202400:00	–	patchstack
wpexploit	EasyEvent <= 1.0.0 - Admin+ Stored XSS	16 Apr 202400:00	–	wpexploit
WPVulnDB	EasyEvent <= 1.0.0 - Admin+ Stored XSS	16 Apr 202400:00	–	wpvulndb
NVD	CVE-2024-3628	7 May 202406:15	–	nvd
Cvelist	CVE-2024-3628 EasyEvent <= 1.0.0 - Admin+ Stored XSS	7 May 202406:00	–	cvelist
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)	25 Apr 202415:56	–	wordfence

Vulners

Vulnrichment

Node

faktorystudios easyeventRange≤1.0.0wordpress

[
  {
    "vendor": "Unknown",
    "product": "EasyEvent",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0.0"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/171af8eb-ceeb-403a-abc2-969d9535a4c9/

Parameter	Position	Path	Description	CWE
ID	request body	/wp-admin/options-general.php?page=easyevent	The EasyEvent WordPress plugin allows XSS through unsanitized settings.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 May 2024 06:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS33.8

EPSS0.00143

SSVC