Vulnerability Details CVE-2021-24724
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://plugins.trac.wordpress.org/changeset/2573479/
- https://wpscan.com/vulnerability/c1194a1e-bf33-4f3f-a4a6-27b76b1b1eeb
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29235
- https://plugins.trac.wordpress.org/changeset/2573479/
- https://wpscan.com/vulnerability/c1194a1e-bf33-4f3f-a4a6-27b76b1b1eeb
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=29235
Products affected by CVE-2021-24724
-
cpe:2.3:a:motopress:timetable_and_event_schedule:-
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.3
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.4
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.5
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.6
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.7
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.0
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.2
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.3
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.4
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.5
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.6
-
cpe:2.3:a:motopress:timetable_and_event_schedule:1.4.06
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.0
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.1
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.2
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.3
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.4
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.0
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.1
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.10
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.11
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.12
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.2
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.3
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.4
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.5
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.6
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.7
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.8
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.9
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.2.0
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.2.1
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.0
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.1
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.10
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.11
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.12
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.13
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.14
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.15
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.17
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.18
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.2
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.3
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.4
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.5
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.6
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.7
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.8
-
cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.9