CVE-2021-25024

CVE-2021-25024: Event Calendar < 1.1.51 - Reflected Cross-Site Scripting

Vendor Unknown

Product EventCalendar

Weakness CWE-79 · XSS

Published January 17, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

Key dates

02Disclosure timeline

January 17, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25024

Related vulnerabilities

04Related CVE

CVE-2024-54288 WordPress LDD Directory Lite plugin <= 3.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-39555 WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes CVE-2023-30481 WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) CVE-2025-11421 code-projects Voting System candidates_edit.php cross site scripting