CVE-2021-24876
MEDIUM EXPLOITED NUCLEIRegistrations for the Events Calendar < 2.7.5 - Reflected Cross-Site Scripting via v Parameter
Title source: llmExploitation Summary
CVE-2021-24876 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting
Nuclei Templates (1)
Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting
MEDIUMby popcorn94
FOFA:
body="/wp-content/plugins/registrations-for-the-events-calendar/"
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f
Scores
CVSS v3
6.1
EPSS
0.0117
EPSS Percentile
63.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2021-10-27
CWE
CWE-79
Status
published
Products (1)
roundupwp/registrations_for_the_events_calendar
< 2.7.5
Published
Nov 29, 2021
Tracked Since
Feb 18, 2026