CVE-2021-25083

CVE-2021-25083: Registrations for the Events Calendar < 2.7.10 - Reflected Cross-Site Scripting

Vendor Unknown

Product Registrations for the Events Calendar – Event Registration Plugin

Weakness CWE-79 · XSS

Published January 24, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

January 24, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25083 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-46843 WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) CVE-2018-25097 Acumos Design Studio cross site scripting CVE-2025-5179 Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting CVE-2025-2049 code-projects Blood Bank System AB+.php cross site scripting CVE-2022-4735 asrashley dash-live DOM Node media.js ready cross site scripting