cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11870,https://securityvulnerability.io/vulnerability/CVE-2024-11870,Stored Cross-Site Scripting in Event Registration Calendar Plugin by vcita for WordPress,"The Event Registration Calendar by vcita plugin for WordPress contains a vulnerability that allows authenticated attackers—specifically those with contributor-level access and higher—to exploit stored Cross-Site Scripting (XSS) through the use of the plugin's shortcodes. The vulnerability arises from insufficient input sanitization and output escaping for user-supplied attributes, potentially enabling the injection of arbitrary web scripts. This malicious script execution occurs whenever a user accesses an affected page, leading to unauthorized actions, data exposure, or user impersonation.",Wordpress,Event Registration Calendar By Vcita,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,false,false,false,2025-01-15T07:10:46.770Z,0
CVE-2023-2406,https://securityvulnerability.io/vulnerability/CVE-2023-2406,Stored Cross-Site Scripting Vulnerability in Event Registration Calendar and Online Payments Plugins by vcita,"The Event Registration Calendar by vcita plugin and the Online Payments plugin for WordPress are susceptible to stored Cross-Site Scripting (XSS) vulnerabilities due to inadequate input sanitization and output escaping in the 'email' parameter. Authenticated attackers with the capability to edit posts can exploit this vulnerability to inject arbitrary web scripts. These scripts will execute whenever a user accesses an affected page, leading to potential unauthorized actions or data disclosure. Users are strongly urged to upgrade to secure versions to mitigate this risk.",Wordpress,"Event Registration Calendar By vcita,Online Payments – Get Paid with PayPal, Square & Stripe",5.4,MEDIUM,0.004449999891221523,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0
CVE-2023-2407,https://securityvulnerability.io/vulnerability/CVE-2023-2407,Cross-Site Request Forgery in Event Registration Calendar Plugin by vcita for WordPress,"The Event Registration Calendar and Online Payments plugins by vcita for WordPress are susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the ls_parse_vcita_callback() function. This vulnerability allows unauthenticated attackers to alter plugin settings and potentially inject malicious JavaScript through deceptive requests if they manage to coerce an administrator into executing a specific action, such as clicking a rogue link.",Wordpress,"Event Registration Calendar By vcita,Online Payments – Get Paid with PayPal, Square & Stripe",6.5,MEDIUM,0.0020699999295175076,false,,false,false,false,,false,false,2023-06-03T05:15:00.000Z,0