CVE-2021-24496

CVE-2021-24496: Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown
Product Community Events
Weakness CWE-79 · XSS
Published August 2, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

Key dates

02Disclosure timeline

August 2, 2021 CVE published
August 3, 2024 Record updated