Cross-Site Scripting Vulnerability in EventPress by duogeek
CVE-2024-51861

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 19 November 2024

What is CVE-2024-51861?

The EventPress plugin developed by duogeek contains a Stored Cross-Site Scripting (XSS) vulnerability. The plugin does not properly neutralize input when generating web pages, so an attacker can inject malicious scripts that are stored and later run in the browsers of users who view the affected pages. This can expose those users to harmful actions that compromise the integrity of their data and the security of their websites. Users of EventPress versions up to 1.0.0 should apply the necessary updates and security measures to mitigate the associated risks.

Affected Version(s)

EventPress: 0 through 1.0.0 (<= 1.0.0)

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published