QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24496

Back to search

CVE-2021-24496

Published: Aug 2, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

VendorProductVersions

Unknown

Community Events

affected
1.4.8 - < 1.4.8

Weaknesses (CWE)

CWE-79

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now