Filtered by vendor Roundupwp
Subscribe
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24876 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting | |||||
CVE-2021-24943 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. | |||||
CVE-2021-25083 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting |