CVE-2021-24724
Summary
| CVE | CVE-2021-24724 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-13 18:15:00 UTC |
| Updated | 2021-09-23 15:25:00 UTC |
| Description | The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Motopress | Timetable And Event Schedule | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.trustwave.com/en-us/resources/security-resources/security-advisories | MISC | www.trustwave.com | |
| wpscan.com | MISC | wpscan.com | |
| plugins.trac.wordpress.org | CONFIRM | plugins.trac.wordpress.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Martin Vierula of Trustwave
There are currently no legacy QID mappings associated with this CVE.