5 matches found
CVE-2021-24813
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24813
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24813
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24813 Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24813
CVE-2021-24813 affects the WordPress plugin Events Made Easy prior to version 2.2.24. The vulnerability arises from insufficient sanitisation/escaping of Custom Field Names in the form field handling, enabling an authenticated, high-privilege user to perform stored XSS even if unfiltered_html is ...