Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24480
HistoryAug 02, 2021 - 10:32 a.m.

CVE-2021-24480 Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS)

2021-08-0210:32:20
CWE-79
WPScan
www.cve.org
1
cve-2021-24480
event geek
wordpress
stored cross-site scripting

EPSS

0.001

Percentile

24.8%

The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its "Use your own " setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scripting issue

CNA Affected

[
  {
    "product": "Event Geek",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "2.5.2",
        "status": "affected",
        "version": "2.5.2",
        "versionType": "custom"
      }
    ]
  }
]

EPSS

0.001

Percentile

24.8%

Related for CVELIST:CVE-2021-24480