Reflected XSS Vulnerability in Awesome Event Booking by Awesome TOGI
CVE-2025-24560

7.1HIGH

Key Information:

Vendor: WordPress
Status: Awesome Event Booking
Vendor: CVE Published:; 31 January 2025

Summary

A reflected cross-site scripting (XSS) vulnerability exists in Awesome Event Booking, allowing attackers to inject malicious scripts through improperly neutralized input during web page generation. This flaw affects all versions prior to 2.7.1, posing a security risk to users who interact with the manipulated content. Implementing proper input validation and sanitization measures is crucial to mitigate potential exploits.

Affected Version(s)

Awesome Event Booking <= 2.7.1

References

https://patchstack.com/database/wordpress/plugin/awesome-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

thiennv (Patchstack Alliance)