XSS Vulnerability in Event List Plugin for WordPress by Kevin's Plugin
CVE-2017-12068

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Event List
Vendor: CVE Published:; 1 August 2017

Summary

The Event List plugin version 0.7.9 for WordPress is vulnerable to Cross-Site Scripting (XSS) attacks through the slug array parameter during the delete_bulk action in the wp-admin/admin.php file. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and leading to further attacks. Website owners should ensure that they update to a secured version to mitigate the risk.

References

https://github.com/kevins1022/cve/blob/master/wordpress-e...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 1, 2017
Vulnerability Reserved
Jul 31, 2017