CVE-2024-4180
published 2024-06-04

CVE-2024-4180: The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.

Priority: P2 59 · Severity: critical · CVSS 3.1 base score: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploit
EPSS: 1.83% (76.2nd percentile)

Affected (1 range)

Vendor     | Product              | Version range | Fixed in
-----------|----------------------|---------------|---------
stellarwp  | the_events_calendar  | < 6.4.0.1     | 6.4.0.1

Detection & IOCs (extracted from sources)

sigma
contains_all(body, '<tribe-events>', 'event_display_mode') AND contains(content_type, 'text/html') AND status_code == 200
  • The XSS payload is delivered through AJAX-rendered views in The Events Calendar plugin; monitor AJAX responses with Content-Type text/html and HTTP status 200 whose body contains 'event_display_mode' for unsanitized user-submitted content.
  • Detection should focus on responses containing both the tribe-events markup and the 'event_display_mode' parameter, which together are characteristic of the vulnerable AJAX view-rendering endpoint.
  • The vulnerable condition exists in versions of The Events Calendar WordPress plugin before 6.4.0.1; detections should be scoped to installations running versions prior to this fix.