CVE-2021-24876
Published 2021-11-29
Priority: P2 · 78
Severity: medium, CVSS 3.1 base score 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Tags: ITW EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 1.17% (63.3rd percentile)
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roundupwp | registrations_for_the_events_calendar | < 2.7.5 | 2.7.5 |
Detection & IOCs (extracted from sources)

Indicator URL (PoC): /wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v="+style=animation-name:rotation+onanimationstart=alert(document.domain)//

- Detect exploitation attempts by looking for an unescaped 'v' parameter carrying an XSS payload in requests to the registrations-for-the-events-calendar admin page.
- Flag HTTP GET requests to /wp-admin/admin.php whose query string has page=registrations-for-the-events-calendar and a 'v' parameter containing HTML/JS injection characters (e.g. quotes, style=, onanimationstart=). Match on the URL-decoded value: in logs the quote will normally arrive as %22 and spaces as + or %20.
- Successful exploitation returns HTTP 200 with content-type text/html and reflects the injected payload inside an HTML input attribute in the response body.
- The plugin path in the page body can be used to fingerprint installations for targeted scanning.
- The vulnerable page lives under wp-admin, so it only renders for a logged-in WordPress session (which is why the Nuclei template is labelled Authenticated). The payload fires in the browser of an authenticated user who opens the crafted URL; the attacker needs no privileges of their own, matching PR:N / UI:R in the CVSS vector.
- Only plugin versions before 2.7.5 are affected; instances running 2.7.5 or later are not.
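The detection rule above, worked through as an added example (this is not code from the page's sources, the plugin, or the Nuclei template): a small Python scanner over constructed combined-format access-log lines. It URL-decodes the query string before matching, scopes the check to page=registrations-for-the-events-calendar on /wp-admin/admin.php so a payload aimed at a different admin page is not attributed to this CVE, and records the response status, since the page only reflects the payload on a 200 for a logged-in session. The log lines, IPs and timestamps are made up for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
# Line 1 is the indexed PoC URL percent-encoded as a browser would send it,
# line 2 a classic tag breakout, line 3 benign use of v, line 4 a payload on a
# different admin page (out of scope for this CVE), line 5 a hit from a
# visitor who was not logged in (302 to the login page, nothing rendered).
SAMPLE_LOG = """\
203.0.113.7 - - [29/Nov/2021:10:01:11 +0000] "GET /wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v=%22+style=animation-name:rotation+onanimationstart=alert(document.domain)// HTTP/1.1" 200 18422 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2021:10:01:45 +0000] "GET /wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 18450 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Nov/2021:10:02:03 +0000] "GET /wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v=smith HTTP/1.1" 200 17900 "-" "Mozilla/5.0"
198.51.100.4 - - [29/Nov/2021:10:02:30 +0000] "GET /wp-admin/admin.php?page=plugins.php&v=%22+onfocus=alert(1) HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.9 - - [29/Nov/2021:10:03:00 +0000] "GET /wp-admin/admin.php?page=registrations-for-the-events-calendar&tab=registrations&v=%27+onmouseover%3Dalert(1)+x%3D%27 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

VULN_PATH = "/wp-admin/admin.php"
VULN_PAGE = "registrations-for-the-events-calendar"

# Heuristic for attribute injection: a quote or angle bracket that breaks out of
# the double-quoted value attribute, or a style=/on*= handler / javascript: URL.
# It is a detection heuristic, not a parser, so a benign value such as
# "online=yes" would also be flagged for review.
INJECTION_RE = re.compile(r"""["'<>]|\bon[a-z]+\s*=|\bstyle\s*=|javascript:""", re.I)


def is_cve_2021_24876_attempt(target: str) -> bool:
    """True when the request targets the vulnerable admin page with a v value
    that looks like attribute injection. Matching is done on the decoded value."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx and '+'
    if qs.get("page", [""])[0] != VULN_PAGE:
        return False
    return any(INJECTION_RE.search(v) for v in qs.get("v", []))


def scan_log(log_text: str) -> list[dict]:
    """Return one finding per suspicious GET request in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if not is_cve_2021_24876_attempt(m["target"]):
            continue
        decoded_v = parse_qs(urlsplit(m["target"]).query)["v"][0]
        findings.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "status": int(m["status"]),
            "v": decoded_v,
            # Only a 200 text/html response can have reflected the payload;
            # a redirect to the login page means the page was never rendered.
            "possibly_reflected": m["status"] == "200",
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Run against the constructed sample, the scanner reports lines 1, 2 and 5 and stays silent on the benign value and on the payload aimed at plugins.php; the 302 hit is recorded with possibly_reflected set to False, which is the one to correlate with a later 200 from the same client once a victim is logged in.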
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| VulnCheck | | 6.1 | MEDIUM | |
GHSA
GHSA-j464-8gjj-h5jc (ghsa_unreviewed · 2021-11-30) · CVE-2021-24876 · MEDIUM · CWE-79
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
VulnCheck
roundupwp registrations_for_the_events_calendar: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (vulncheck · 2021 · CVSS 6.1 · MEDIUM)
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Affected: roundupwp registrations_for_the_events_calendar
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/registrations-for-the-events-calendar/wordpress-registrations-for-the-events-calendar-plugin-2-7-4-reflected-cross-site-scripting-xss-vulnerability
No detection rules found.
Nuclei
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting (nuclei · CVSS 6.1 · MEDIUM)
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Template (as indexed; the excerpt ends mid-sentence):

```yaml
id: CVE-2021-24876

info:
  name: Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
  author: popcorn94
  severity: medium
  description: |
    The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
  impact: |
    Attackers can inject malicious JavaScript via reflected XSS, potentially stealing administrator session cookies or performing a
```
No writeups or analysis indexed.