834 matches found
WordPress Registrations for the Events Calendar plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress Registrations for the Events Calendar plugin had a SQL injection vulnerability prior to...
CVE-2021-24943
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...
CVE-2021-24943 Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.The WordPress Registrations for the Events Calendar plugin had a SQL injection vulnerability prior to...
CVE-2021-24876
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2021-24876
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2021-24876 Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...
PT-2021-16349
Name of the Vulnerable Software and Affected Versions: The Registrations for the Events Calendar WordPress plugin versions prior to 2.7.5 Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because the v parameter is not properly escaped before being outputted back...
WordPress Modern Events Calendar Lite plugin <= 6.1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Modern Events Calendar Lite plugin versions = 6.1.0. Solution Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 6.1.5...
Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue PoC...
VulnCheck KEV: CVE-2021-24946
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue...
Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the currentmonthdivider parameter of its meclistloadmore AJAX call available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
WordPress Modern Events Calendar Lite plugin <= 6.1.0 - Unauthenticated Blind SQL Injection (SQLi) vulnerability
Unauthenticated Blind SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Modern Events Calendar Lite plugin versions = 6.1.0. Solution Update the WordPress Modern Events Calendar Lite plugin to the latest available version at least 6.1.5...
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
The plugin does not sanitise and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue PoC...
WordPress Modern Events Calendar Lite Plugin < 5.22.3 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
VulnCheck KEV: CVE-2021-24943
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection...
WordPress Registrations for the Events Calendar plugin <= 2.7.5 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Registrations for the Events Calendar plugin versions = 2.7.5. Solution Update the WordPress Registrations for the Events Calendar plugin to the latest available version at least 2.7.6...
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. PoC The below request will send an email to [email protected]...
Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the eventid in the rtecsendunregisterlink AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL injection. The below request will send an email to [email protected] wi...