Reflected XSS Vulnerability in Xylus Themes WP Event Aggregator
CVE-2025-24700

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Event Aggregator
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-24700?

A reflected cross-site scripting vulnerability exists in the WP Event Aggregator plugin developed by Xylus Themes. This flaw permits attackers to inject malicious scripts via manipulated URLs, potentially exposing users to security risks during web page generation. All versions up to and including 1.8.2 are impacted, making it crucial for web administrators to implement patches or updates to protect their sites.

Affected Version(s)

WP Event Aggregator <= 1.8.2

References

https://patchstack.com/database/wordpress/plugin/wp-event...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)