cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-25024,https://securityvulnerability.io/vulnerability/CVE-2021-25024,Event Calendar < 1.1.51 - Reflected Cross-Site Scripting,"The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues",Wordpress,Eventcalendar,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-01-17T13:00:31.000Z,0
CVE-2021-25025,https://securityvulnerability.io/vulnerability/CVE-2021-25025,Event Calendar < 1.1.51 - Subscriber+ Event Creation,"The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events",Wordpress,Eventcalendar,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-17T00:00:00.000Z,0