Registrations for The Events Calendar 漏洞列表
共找到 4 个与 Registrations for The Events Calendar 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2021-24943: Registrations for the Events Calendar < 2.7.6 - SQL Injection POC
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. -
CVE-2021-24876: Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting POC
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting -
CVE-2021-24876: Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting POC
The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting -
CVE-2021-24943: Registrations for the Events Calendar < 2.7.6 - SQL Injection POC
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.