HTTP: WordPress The Events Calendar Plugin RSVP Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against "The Events Calendar" plugin for WordPress. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected Products
Stellarwp the_events_calendar
References
CVE: CVE-2024-6931
Short Name
HTTP:XSS:WP-EVNT-CLNDR-SXSS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2024-6931 Calendar Cross-Site Events Plugin RSVP Scripting Stored The WordPress
Release Date
10/28/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3753
False Positive
Unknown
Vendors
Stellarwp