Stored Cross-Site Scripting Vulnerability in The Events Calendar Plugin
CVE-2024-6931
7.2HIGH
What is CVE-2024-6931?
The Events Calendar plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability via the RSVP name field due to inadequate input sanitization and output escaping. This flaw allows unauthenticated attackers to inject malicious web scripts, which could then execute when users access the compromised pages, potentially compromising user data and security.
Affected Version(s)
The Events Calendar 0 <= 6.6.3