CVE-2021-24876

MEDIUM EXPLOITED NUCLEI

Events Calendar <2.7.5 - XSS

Title source: llm

Description

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

Nuclei Templates (1)

Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting

MEDIUMby popcorn94

FOFA: body="/wp-content/plugins/registrations-for-the-events-calendar/"

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/e77c2493-993d-418d-9629-a1f07b5a2b6f

Scores

CVSS v3 6.1

EPSS 0.0025

EPSS Percentile 47.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2021-10-27

CWE

CWE-79

Status published

Products (1)

roundupwp/registrations_for_the_events_calendar < 2.7.5

Published Nov 29, 2021

Tracked Since Feb 18, 2026