Vulnerability Description
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low-privilege users such as authors to perform XSS attacks against frontend and backend users when they view the related event(s).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Motopress | Timetable And Event Schedule | < 2.3.19 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2573479/ (Third Party Advisory)
- https://wpscan.com/vulnerability/c1194a1e-bf33-4f3f-a4a6-27b76b1b1eeb (Exploit, Third Party Advisory)
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24724?
CVE-2021-24724 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks again...
How severe is CVE-2021-24724?
CVE-2021-24724 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24724?
Check the references section above for vendor advisories and patch information. Affected products include: Motopress Timetable And Event Schedule.