The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-01-24T08:01:29

Updated: 2024-08-03T19:56:09.977Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-25083

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-01-24T08:15:09.977

Modified: 2022-01-27T21:56:56.237

Link: CVE-2021-25083

cve-icon Redhat

No data.