NuytsTech Security

CVE-2021-25083

by ·

The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cross-Site Scripting

Date published : 2022-01-24

https://plugins.trac.wordpress.org/changeset/2648377

https://wpscan.com/vulnerability/9b69544d-6a08-4757-901b-6ccf1cd00ecc

Tags: