4 matches found
CVE-2024-1320
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress EventPrime Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1320 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0caa29a440c8 Credits Lucio Sá Required...
CVE-2024-1320
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1320
EventPrime – Events Calendar, Bookings and Tickets for WordPress is vulnerable to Stored Cross-Site Scripting via the offline_status parameter in all versions up to 3.4.3 due to insufficient input sanitization and output escaping. The vulnerability allows unauthenticated attackers to inject scrip...