Lucene search
+L

834 matches found

CNVD
CNVD
added 2021/12/09 12:0 a.m.15 views

WordPress Registrations for the Events Calendar plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress Registrations for the Events Calendar plugin had a SQL injection vulnerability prior to...

9.8CVSS3AI score0.07474EPSS
Exploits2References1
OSV
OSV
added 2021/12/06 4:15 p.m.3 views

CVE-2021-24943

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...

9.8CVSS5.8AI score0.07474EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/12/06 3:55 p.m.15 views

CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...

10AI score0.07474EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.6 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress Registrations for the Events Calendar plugin had a SQL injection vulnerability prior to...

9.8CVSS6.2AI score0.07474EPSS
Exploits2References2
OSV
OSV
added 2021/11/29 9:15 a.m.5 views

CVE-2021-24876

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.01165EPSS
Exploits2References1
NVD
NVD
added 2021/11/29 9:15 a.m.22 views

CVE-2021-24876

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.01165EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/11/29 8:25 a.m.32 views

CVE-2021-24876 Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...

6.3AI score0.01165EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/29 12:0 a.m.7 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

6.1CVSS6AI score0.01165EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/11/29 12:0 a.m.7 views

PT-2021-16349

Name of the Vulnerable Software and Affected Versions: The Registrations for the Events Calendar WordPress plugin versions prior to 2.7.5 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the v parameter is not properly escaped before being outputted back...

6.1CVSS5.6AI score0.01165EPSS
Exploits2References6
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.35 views

WordPress Modern Events Calendar Lite plugin <= 6.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Modern Events Calendar Lite plugin versions = 6.1.0. Solution Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 6.1.5...

9.8CVSS2.4AI score0.728EPSS
Exploits7References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.23 views

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS5.8AI score0.00795EPSS
Exploits2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2021/11/15 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24946

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...

9.8CVSS7.4AI score0.728EPSS
Exploits7References1
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.147 views

Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6AI score0.00795EPSS
Exploits2
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.56 views

WordPress Modern Events Calendar Lite plugin <= 6.1.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability

Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Modern Events Calendar Lite plugin versions = 6.1.0. Solution Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 6.1.5...

9.8CVSS3AI score0.728EPSS
Exploits7References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.55 views

Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection

The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue PoC...

9.8CVSS9.8AI score0.728EPSS
Exploits7Affected Software1
OpenVAS
OpenVAS
added 2021/11/15 12:0 a.m.17 views

WordPress Modern Events Calendar Lite Plugin < 5.22.3 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

5.4CVSS7AI score0.00629EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2021/11/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-24943

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...

9.8CVSS7.3AI score0.07474EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/11/08 12:0 a.m.21 views

WordPress Registrations for the Events Calendar plugin <= 2.7.5 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Registrations for the Events Calendar plugin versions = 2.7.5. Solution Update the WordPress Registrations for the Events Calendar plugin to the latest available version at least 2.7.6...

9.8CVSS3.2AI score0.07474EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/08 12:0 a.m.23 views

Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. PoC The below request will send an email to [email protected]...

9.8CVSS9.3AI score0.07474EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/11/08 12:0 a.m.799 views

Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection

The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. The below request will send an email to [email protected] wi...

9.8CVSS9.5AI score0.07474EPSS
Exploits2
Rows per page
Query Builder