Reflected Cross-Site Scripting Vulnerability in EventON Plugin for WordPress
CVE-2023-4635
6.1MEDIUM
What is CVE-2023-4635?
The EventON plugin for WordPress is susceptible to reflected cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping in the 'tab' parameter. This vulnerability enables unauthenticated attackers to inject arbitrary web scripts into web pages. If a user is deceived into clicking a malicious link, the injected scripts can execute within their browser. This not only compromises user data but also poses significant risks to the website's integrity.
Affected Version(s)
EventON * <= 2.2.2