Reflected Cross-Site Scripting Vulnerability in WP Event Manager Plugin
CVE-2024-0976
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 13 March 2024
What is CVE-2024-0976?
The WP Event Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability exists in all versions up to and including 3.1.41. Attackers can exploit this flaw to inject malicious scripts, which can execute if a user unwittingly interacts with a manipulated link, potentially compromising the security of the affected site.
Affected Version(s)
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce * <= 3.1.41