CVE-2021-24813

CVE-2021-24813: Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

Vendor Unknown
Product Events Made Easy
Weakness CWE-79 · XSS
Published November 1, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Key dates

02Disclosure timeline

November 1, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings CVE-2024-4735 Campcodes Legal Case Management System tasks cross site scripting CVE-2025-23565 WordPress Wibstats plugin <= 0.5.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-1688 SourceCodester Earnings and Expense Tracker App cross site scripting CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise