CVE-2021-24480
CVE-2021-24480 affects the WordPress plugin “Event Geek” up to version 2.5.2. The vulnerability is a stored Cross-Site Scripting (XSS) due to the plugin failing to sanitize/escape the "Use Your Own" setting before outputting it on a page. Exploitation requires authentication (admin+), enabling an...