4 matches found
CVE-2024-10703
The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10703
The CVE-2024-10703 entry concerns the WordPress plugin Registrations for The Events Calendar (pre-2.13.4). The issue is that the plugin does not sanitize/escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as i...
CVE-2024-10703 Registrations for The Events Calendar < 2.13.4 - Admin+ Stored XSS
The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-10703 Registrations for The Events Calendar < 2.13.4 - Admin+ Stored XSS
The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...