CVE-2021-24496

Published: Aug 2, 2021Modified: Jun 17, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

Affected (1)

Products: Community Events Project: Community Events

Community Events Project

1 product

Community Events

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Community Events Project Community Events	Before 1.4.8

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://wpscan.com/vulnerability/5fd1cb7f-a036-4c5b-9557-0ffd4ef6b834

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/5fd1cb7f-a036-4c5b-9557-0ffd4ef6b834

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.