CVE-2021-24724

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 51.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Timetable AND Event Schedule BY Motopress Motopress Timetable AND Event Schedule

Timeline

PublishedSep 13

Latest updateMay 24

Description

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmotopress/timetable_and_event_schedule< 2.3.19

▶CVEListV5unknown/timetable_and_event_schedule_by_motopress2.3.19 — 2.3.19

🔴Vulnerability Details

GHSA

GHSA-c847-r6f2-c2wj: The Timetable and Event Schedule by MotoPress WordPress plugin before 2↗2022-05-24

▶

CVEList

Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting↗2021-09-13

▶